MyBB 1.6.1 Released
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #10
RE: MyBB 1.6.1 Released
I believe it's an XSS fix, which isn't *too* big of a hole TBH.  It's been public knowledge for a while anyway: http://dev.mybb.com/issues/1331
Worst case scenario for an XSS attack is that someone gets an admin account, however, they'll unlikely be able to get AdminCP access.

Considering that so many custom MyCodes essentially give XSS vulnerabilities, and no-one seems to notice until I point it out, I really doubt you're at much risk of an XSS based attack.
Nevertheless, it's possible I guess >_>

For people who mod files, just do a diff of your modified files against a stock 1.6.0 (WinMerge is handy) to find what you've modified.  You can even try creating a patch file and applying it to 1.6.1, though it may not work.

My Blog
(This post was last modified: 12-17-2010 09:13 AM by ZiNgA BuRgA.)
12-17-2010 09:10 AM
Find all posts by this user Quote this message in a reply

« Next Oldest | Next Newest »

Messages In This Thread
MyBB 1.6.1 Released - RocketFoot - 12-17-2010, 12:50 AM
RE: MyBB 1.6.1 Released - leefish - 12-17-2010, 01:10 AM
RE: MyBB 1.6.1 Released - RocketFoot - 12-17-2010, 01:13 AM
RE: MyBB 1.6.1 Released - MattR - 12-17-2010, 01:33 AM
RE: MyBB 1.6.1 Released - leefish - 12-17-2010, 01:54 AM
RE: MyBB 1.6.1 Released - MattR - 12-17-2010, 02:23 AM
RE: MyBB 1.6.1 Released - leefish - 12-17-2010, 02:24 AM
RE: MyBB 1.6.1 Released - MasterZuFu - 12-17-2010, 02:34 AM
RE: MyBB 1.6.1 Released - RocketFoot - 12-17-2010, 03:12 AM
RE: MyBB 1.6.1 Released - ZiNgA BuRgA - 12-17-2010 09:10 AM
RE: MyBB 1.6.1 Released - Tomm - 12-17-2010, 06:51 PM
RE: MyBB 1.6.1 Released - RocketFoot - 12-17-2010, 10:33 PM
RE: MyBB 1.6.1 Released - RocketFoot - 12-18-2010, 01:24 AM

 Standard Tools
Forum Jump: