Bugtraq: MyBB 1.0.2 SQL injection

MyBB 1.0.2 SQL injection

From: <addmimistrator_at_gmail.com>
Date: 13 Jan 2006 11:37:01 -0000
Hey

This is a bug report for MyBB software (forum software downloadable from http://www.mybboard.com).
Bug found by imei.
The bug is in the usercp.php file, line 830 (ver 1.0.2, latest ver), and allows SQL injection.
The bug is the result of poor checking of the $mybb->input['threadmode'] value, which can contain a quote and can change other fields' values, and may result in full access to the admin CP (by injecting the usergroup field).
The bug has been reported to the vendor and perhaps they will patch it soon.

bests
imei
Received on Jan 15 2006
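
A defensive sketch of the input check the report describes as missing, added here as an example; it is not MyBB code and not the vendor's patch. The `users` table, the `save_thread_mode` function and the allowed values `linear` and `threaded` are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Assumed set of legal display modes; anything else is refused outright.
const THREAD_MODES = ['linear', 'threaded'];

// Hypothetical helper: store a user's thread display preference safely.
function save_thread_mode(PDO $pdo, int $uid, string $mode): bool
{
    // 1. Allowlist with strict comparison: a value carrying a quote,
    //    extra SQL text or different casing never matches an entry.
    if (!in_array($mode, THREAD_MODES, true)) {
        return false;
    }

    // 2. Bound parameters: the value travels as data, so the statement
    //    can only ever touch the one column named here.
    $stmt = $pdo->prepare('UPDATE users SET threadmode = :mode WHERE uid = :uid');
    $stmt->execute([':mode' => $mode, ':uid' => $uid]);

    return $stmt->rowCount() === 1;
}

// Constructed in-memory table standing in for the forum's user table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, threadmode TEXT, usergroup INTEGER)');
$pdo->exec("INSERT INTO users VALUES (1, 'linear', 2)");

// Constructed inputs: one legal value, then values the allowlist must refuse.
$samples = ['threaded', "linear'", 'THREADED', ''];

foreach ($samples as $sample) {
    $accepted = save_thread_mode($pdo, 1, $sample);
    $row = $pdo->query('SELECT threadmode, usergroup FROM users WHERE uid = 1')
               ->fetch(PDO::FETCH_ASSOC);

    // usergroup must read the same after every call, accepted or not.
    printf(
        "%-12s accepted=%-3s threadmode=%s usergroup=%s\n",
        var_export($sample, true),
        $accepted ? 'yes' : 'no',
        $row['threadmode'],
        $row['usergroup']
    );
}
```

Either control alone closes the hole the report describes; using both means a later change to the allowlist cannot reopen it.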
