MyBB versions 1.6 and below suffer from cross site scripting and remote SQL database structure extraction vulnerabilities.
3320e0bd94423c6489320f5b91a8c6ac09f313a547156cd5c906ad16adc2f962Hello list!
I want to warn you about Cross-Site Scripting and SQL DB Structure
Extraction vulnerabilities in MyBB.
-------------------------
Affected products:
-------------------------
Vulnerable are MyBB 1.6 and previous versions. In MyBB 1.6.1 these four
vulnerabilities were fixed (by turning SQL error messages off).
----------
Details:
----------
Vulnerabilities take place in scripts search.php and private.php.
XSS (WASC-08):
http://websecurity.com.ua/uploads/2011/MyBB%20XSS.html
http://websecurity.com.ua/uploads/2011/MyBB%20XSS-2.html
SQL DB Structure Extraction (WASC-13):
http://websecurity.com.ua/uploads/2011/MyBB%20SQL%20DB%20Structure%20Extraction.html
http://websecurity.com.ua/uploads/2011/MyBB%20SQL%20DB%20Structure%20Extraction-2.html
------------
Timeline:
------------
2011.02.10 - announced at my site.
2011.02.11 - informed developers.
2011.03.30 - disclosed at my site.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4919/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed