|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
MyBB 1.0.2 SQL injection in usercp.php
addmimistrator
gmail.com
Date: Sat Jan 14 2006 - 13:14:46 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
this is a bug report for MyBB 1.0.2(latest version)
bug found by imei
there is a security bug in usercp.php line 830 that Allows SQL Injection and can result to full access to admin cp.
bug is in result of poor checking of $mybb->input['threadmode'] value against all other values in usercp.php file line:830 ====>
"threadmode" => $mybb->input['threadmode'],
bug reported to vendors some days ago
bests.
imei
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]