Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

MyBB 1.0.2 SQL injection
From: addmimistrator () gmail com
Date: 13 Jan 2006 11:37:01 -0000
Hey
this is a bug report for mybb software ( forum software downloadable from http://www.mybboard.com)
bug found by imei;
bug is in usercp.php file line 830 (ver 1.0.2 latest ver) that allows SQL injection
bug is in result of poor checking for $mybb->input['threadmode'] value that can have quote and can change other fields' 
values and may result to full access to admin cp (by injecting usergroup field)
bug is reported to vendor and perhaps they will patched it soon.

bests
imei

  By Date           By Thread  

Current thread:
  • MyBB 1.0.2 SQL injection addmimistrator (Jan 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]