[MyBB] Double dot (..) between file name and extension

Discussion in 'Chit Chat' started by bossArch, Jun 9, 2014.

  1. bossArch

    bossArch Participant


    as a warming to every admin forum here and there - MyBBoard.pl staff is devoted to manipulate files included within MyBB script. They call themselves Polish MyBB support.

    They add file(s) with double dot (..) between name and extension. This puts your forum on serious risk by allowing anyone to upload (via ftp) any file and script will change (or add) .php extension so code included could be executed.

    They claim no responsibility for it and denies any acknowledgement.

    I would use cautiuon when dealing with MyBBoard.pl
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.