Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11459
HistoryFeb 16, 2006 - 12:00 a.m.

[myimei]MyBB 1.0.3~private.php~multiple SqlInjection

2006-02-1600:00:00
vulners.com
36
JSON

\>>>>>>>>ORIGINAL ADVISORY<<<<<<<<<<</
http://myimei.com/security/2006-02-11/mybb-103privatephpmultiple-sqlinjection.html

Vendor Credit:http://community.mybboard.net/showthread.php?tid=6777

——————-Summary—————-
Software: MyBB
Sowtware’s Web Site: http://www.mybboard.com
Versions: 1.0.3
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: <strong>imei addmimistrator</strong>
Risk Level: <strong>high</strong>
—————–Description—————
There is some security bug in MyBB 1.0.3 software (latest version fully patched) file
<strong>private.php</strong> that allows attacker performe an <strong>SQLINJECTION
</strong>attack.<!–more–> bug is in result of poor checking quotations for user suplied variables.
as this bug is an UPDATE&DELETE query execution on users table, attacker can easily make himself an forum
admin also other attacks are possible too.
————–Exploit———————-
examples provided here:
/mybb/private.php?action=do_folders&folder['<strong>sql</strong>]=nomatter
/mybb/private.php?action=do_folders&folder['<strong>sql</strong>]
/mybb/private.php?action=do_stuff&delete=1&check['<strong>sql</strong>]

also vendor may like to solve a sniffing bug while upgrade:
mybb/private.php?action=do_empty&empty[]=noyes

————–Solution———————
upgrade to vendors provided patch1.0.4
————–Credit———————–
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
www.myimei.com
security.myimei.com

JSON