MyBB1.1.1.txt

MyBB1.1.1.txt: Posted Apr 29, 2006; Authored by D3vil-0x1; MyBB 1.1.1 suffers from several SQL injections in the administration panel.; tags | exploit, sql injection; SHA-256 | a2edc1d4a52274f379fe151e7ac805f3fb0250208c58c30d0da4eb7c7fa4d15c; Download | Favorite | View

MyBB1.1.1.txt

MyBB Local SQL Injections ..

  [ This Local Injections Only For Admin ]

* 1 *
[code]
  adminfunctions.php , line 730

$db->query("INSERT INTO ".TABLE_PREFIX."adminlog (uid,dateline,scriptname,action,querystring,ipaddress) VALUES ('".$mybbadmin['uid']."','".$now."','".$scriptname."','".$mybb->input['action']."','".$querystring."','".$ipaddress."')");

$querystring = Not Filtered

  Exploit Exm.
      /admin/adminlogs.php?action=view&D3vil-0x1=[SQL]'

Fix , Replace with

$db->query("INSERT INTO ".TABLE_PREFIX."adminlog (uid,dateline,scriptname,action,querystring,ipaddress) VALUES ('".$mybbadmin['uid']."','".$now."','".$scriptname."','".$mybb->input['action']."','".addslashes($querystring)."','".$ipaddress."')");
[/code]

* 2 *
[code]
  templates.php , lines 107 to 114

$newtemplate = array(
  "title" => addslashes($mybb->input['title']),
  "template" => addslashes($mybb->input['template']),
  "sid" => $mybb->input['setid'],
  "version" => $mybboard['vercode'],
  "status" => "",
  "dateline" => time()
);

sid = Not Filtered

  Exploit Exm.
      /admin/templates.php?action=do_add&title=Devil&template=Div&setid=[SQL]'

Fix Replace with

$newtemplate = array(
    "title" => addslashes($mybb->input['title']),
    "template" => addslashes($mybb->input['template']),
    "sid" => addslashes($mybb->input['setid']),
    "version" => $mybboard['vercode'],
    "status" => "",
    "dateline" => time()
);
[/code]

* 3 *
[code]
  templates.php , line 600

$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templatesets WHERE sid='".$expand."'");

$expand = $mybb->input['expand']; = Not Filtered

  Exploit Exm.
      /admin/templates.php?expand=' UNION ALL SELECT 1,2/*

Fix Replace With

$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templatesets WHERE sid='".intval($expand)."'");
[/code]

* 4 *
[code]
  templates.php , line 424

$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".$mybb->input['title']."' AND sid='".$mybb->input['sid1']."'");
  $template1 = $db->fetch_array($query);

$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".$mybb->input['title']."' AND sid='".$mybb->input['sid2']."'");

  Exploit Exm.
      /admin/templates.php?action=diff&title=[SQL]'
        /admin/templates.php?action=diff&sid2=[SQL]'

Fix Replace With

$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".addslashes($mybb->input['title'])."' AND sid='".intval($mybb->input['sid1'])."'");
  $template1 = $db->fetch_array($query);

$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".addslashes(($mybb->input['title'])."' AND sid='".intval($mybb->input['sid2'])."'");
[/code]

MyBB Has Many Local Bugs ,, Fix It s00n ;)

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

MyBB1.1.1.txt

MyBB1.1.1.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

MyBB1.1.1.txt

Share This

MyBB1.1.1.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems