|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts
addmimistrator
gmail.com
Date: Tue Feb 07 2006 - 16:56:23 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ORIGINAL ADVISORY :
http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html
——————-Summary—————-
Software: MyBB
Sowtware’s Web Site: http://www.mybboard.com
Versions: 1.0.3
Class: Remote
Status: Unpatched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level: high
—————–Description—————
There is a security bug in MyBB 1.0.3 software (latest version fully patched) file moderation.php that allows attacker performe an SQLINJECTION attack. bug is in result of poor checking quotes for “posts” input variable. Attacker with enough permissions in moderation and merging posts can perform any one of UPDATE / DELETE / and SELECT query on db.
————–Exploit———————-
mybb/moderation.php?posts=[firstpid]|[secondpid]‘[SQL]
&tid=[containertid]&action=do_multimergeposts&sep=hr
————–Solution———————
Not Available
————–Credit———————–
Discovered by: imei addmimistrator
addmimistrator[4]gmail[O]com
www.myimei.com
security.myimei.com
original advis:
http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]