| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060215190110.18814.qmail@securityfocus.com> Date: 15 Feb 2006 19:01:10 -0000 From: addmimistrator@...il.com To: bugtraq@...urityfocus.com Subject: [myimei]MyBB 1.0.3~private.php~multiple SqlInjection \>>>>>>>>ORIGINAL ADVISORY<<<<<<<<<<</ http://myimei.com/security/2006-02-11/mybb-103privatephpmultiple-sqlinjection.html Vendor Credit:http://community.mybboard.net/showthread.php?tid=6777 ——————-Summary—————- Software: MyBB Sowtware’s Web Site: http://www.mybboard.com Versions: 1.0.3 Class: Remote Status: Unpatched Exploit: Available Solution: Available Discovered by: <strong>imei addmimistrator</strong> Risk Level: <strong>high</strong> —————–Description————— There is some security bug in MyBB 1.0.3 software (latest version fully patched) file <strong>private.php</strong> that allows attacker performe an <strong>SQLINJECTION </strong>attack.<!--more--> bug is in result of poor checking quotations for user suplied variables. as this bug is an UPDATE&DELETE query execution on users table, attacker can easily make himself an forum admin also other attacks are possible too. ————–Exploit———————- examples provided here: /mybb/private.php?action=do_folders&folder['<strong>sql</strong>]=nomatter /mybb/private.php?action=do_folders&folder['<strong>sql</strong>] /mybb/private.php?action=do_stuff&delete=1&check['<strong>sql</strong>] also vendor may like to solve a sniffing bug while upgrade: mybb/private.php?action=do_empty&empty[]=noyes ————–Solution——————— upgrade to vendors provided patch1.0.4 ————–Credit———————– Discovered by: imei addmimistrator addmimistrator(4}gmail(O}com www.myimei.com security.myimei.com
Powered by blists - more mailing lists