|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[KAPDA]http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html
addmimistrator
gmail.com
Date: Wed Jun 28 2006 - 01:50:59 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ORIGINAL ADVISORY:
http://kapda.ir/page-advisory.html
http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html
——————-Summary—————-
Software: MyBB
Sowtware’s Web Site: http://www.mybboard.com
Versions: 1.1.4
Class: Remote
Status: Patched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level: Medium
—————–Description—————
There is a security bug in MyBB 1.1.4 software (latest version fully patched) that allows attacker initualize arbitary varables with arbitary values and perform many attck kinds same SQLINJECTION attack.
READ ORIGINAL ADVISORY FOR MORE DETAIL
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]