Exploit MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
26228
Проверка EDB
  1. Пройдено
Автор
STRANGER-KILLER
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2005-09-06
Код:
source: https://www.securityfocus.com/bid/14762/info

MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

misc.php :-

http://www.example.com/misc.php?action=rules&fid=-1' [SQL]

newreply.php :-

One may inject SQL data by submitting a HTTP POST with a modification
of the http header as follows:

Content-Disposition: form-data; name="icon"\r\n
\r\n
-1') [SQL] /*\r\n
 
Источник
www.exploit-db.com

Похожие темы