MyBB 1.1.1 Email Verification in User Activation SQL Injection Attack

Published: 2006.05.13
Credit: addmimistrator gmail com
Risk: Medium
CWE: CWE-89
CVE: CVE-2006-2333
Local: No
Remote: Yes

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

ORIGINAL ADVISORY:

http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html

------ Summary ------

Software: MyBB

Software's Web Site: http://www.mybboard.com

Versions: 1.1.1

Class: Remote

Status: Unpatched

Exploit: Available

Solution: Available

Discovered by: imei addmimistrator

Risk Level: Medium-High

------ Description ------

There is a security bug in MyBB 1.1.1 (the latest version, fully patched) that allows an attacker to perform a SQL injection attack.

The bug results from a weak regular expression for checking the email address, combined with forgetting to apply addslashes to a value that was entered into the database and is now fetched and reinserted.

MORE DETAILS IN THE ORIGINAL ADVISORY ;)
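
The two-part root cause described above (a permissive email check, then a stored value that is fetched and reinserted without escaping), shown as an added Python/sqlite3 illustration with the hardened form beside it. This is not MyBB code and does not come from the advisory; the patterns, the schema, and every function name are assumptions made for the example.

```python
import re
import sqlite3

# Hypothetical patterns (the advisory does not quote MyBB's own expression).
WEAK = re.compile(r"[\w.+-]+@[\w-]+\.\w+")  # used with search(): unanchored
STRICT = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def weak_ok(value):
    # Passes if an email-like substring appears anywhere; quotes may surround it.
    return WEAK.search(value) is not None

def strict_ok(value):
    # The whole string must be an address; quotes and spaces cannot match.
    return STRICT.fullmatch(value) is not None

def make_db():
    # Constructed schema, not MyBB's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (uid INTEGER PRIMARY KEY, email TEXT, marker INTEGER)")
    db.execute("CREATE TABLE pending_email (uid INTEGER, newemail TEXT)")
    db.execute("INSERT INTO members VALUES (1, 'old@example.test', 0)")
    return db

def request_change(db, uid, email, validator):
    if not validator(email):
        return False
    # First write uses a bound parameter, so the value is stored verbatim.
    db.execute("INSERT INTO pending_email VALUES (?, ?)", (uid, email))
    return True

def _pending(db, uid):
    row = db.execute("SELECT newemail FROM pending_email WHERE uid = ?", (uid,)).fetchone()
    return row[0]

def activate_vulnerable(db, uid):
    # Second-order flaw: data read back from the database is treated as safe
    # and concatenated into the next statement.
    db.execute("UPDATE members SET email = '%s' WHERE uid = %d" % (_pending(db, uid), uid))

def activate_hardened(db, uid):
    # Bound parameters keep the stored value as data on the way back in.
    db.execute("UPDATE members SET email = ? WHERE uid = ?", (_pending(db, uid), uid))

def member(db, uid):
    return db.execute("SELECT email, marker FROM members WHERE uid = ?", (uid,)).fetchone()

# Constructed input: contains an address, so weak_ok() accepts it, plus a quote.
CRAFTED = "x@example.test', marker = '1"
```

Either fix alone stops the statement from being rewritten in this sketch; applying both means the unsafe value is rejected at input and would still be handled as data if it ever reached the table by another path.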

Copyright 2014, cxsecurity.com