miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
The Other miniBB Support Forums / The Other /  
 

SQL & XSS injections

 
Author Thew
Partaker
#1 | Posted: 1 Dec 2010 11:48 
Hey

I have heard that MiniBB is vunerable for SQL and XSS injections? When are they gonna remove those injections? Please ASAP? Everyone using miniBB's website is in great danger!

Please remove them, because beside that, miniBB is great forum software!

Author tom322
Active Member
#2 | Posted: 1 Dec 2010 13:17 
Come down, any knows problems are fixed in miniBB 2.5a. Unless you know something that others don't know..?

Author Paul
Lead Developer 
#3 | Posted: 2 Dec 2010 03:32 
"I have heard" is not the fact. Give us some facts or exact URLs, may be there is something we don't know about.

We fix XSS and SQL injection issues as soon as they come up. What you may read / browse on Internet, could be outdated. If you are reading news or text regarding this, pay attention to the publishing date. Some news are marked 2008, 2006 or even 2004. Of course, we have fixed all those issues long time ago for the recent release.

Keep on.

BTW any website using open source software, is in danger. All websites using Wordpress are in danger. All forums using phpBB or vBulletin are in danger. Come on, you life is in danger every second. Be serious about such complaints.

Author Thew
Partaker
#4 | Posted: 2 Dec 2010 07:36 
Google;
exploit-db[dot]com/exploits/15415/
secgeeks[dot]com/minibb_sql_injection.html
juniper[dot]net/security/auto/vulnerabilities/vuln28930.html

And they're talking about the newest version: 2.5!

Author tom322
Active Member
#5 | Posted: 2 Dec 2010 09:03 
Thew:
the newest version: 2.5!
Version 2.5 is a history. The latest version is 2.5a which fixed them all.

Author Paul
Lead Developer 
#6 | Posted: 3 Dec 2010 03:37 
The first one was fixed in 2.5.

The second one refers to November 4th, 2007 where it was posted (now we have 2010 ending) - and again, I am not sure what this guy is writing about. No proofs of contest available - the same way you may write about any software.

The third one refers to miniBB 2.2, the version from 2008.

You don't have to doubt that everything you can find on Internet, is already fixed in miniBB, or if it's a "fresh" issue, it's going to be fixed in a business day term.

The Other miniBB Support Forums / The Other /
 SQL & XSS injections
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Install the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑