MyBB v1.1.1 (rss.php) SQL Injection Exploit

Published: 2006.05.27
Credit: Breeeeh & CrAzY CrAcKeR
Risk: Medium
CWE: CWE-89
CVE: CVE-2006-2589, CVE-2006-2601
Local: No
Remote: Yes

----------------------------------

Found By: Breeeeh & CrAzY CrAcKeR

Site: www.alshmokh.com

Email: Breeeeh (at) hotmail (dot) com

----------------------------------

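// $forumlist is interpolated into the SQL string as-is.
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."forums f WHERE 1=1 $forumlist");
$comma = " - ";
while($forum = $db->fetch_array($query))
{
	// Append each forum name to $title and cache the row by its fid.
	$title .= $comma.$forum['name'];
	$forumcache[$forum['fid']] = $forum;
	$comma = ", ";
}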

----------------------------------

Example:

/rss.php?...$comma=[SQL]
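
A hardened form of the query loop quoted above, as an added example that is not MyBB's code or the advisory authors'. It assumes the forum filter originates from a request parameter of comma-separated forum ids (the page does not show how $forumlist is built), and it uses PDO prepared statements on an in-memory SQLite table in place of MyBB's $db wrapper; build_forum_filter, forum_title, the mybb_ prefix and the sample rows are hypothetical.

```php
<?php
// Added example, not MyBB code. Assumption: the filter is a request
// parameter of comma-separated forum ids; all names here are hypothetical.
function build_forum_filter(string $raw): array
{
    if (trim($raw) === '') {
        return ['', []];                      // no filter requested
    }
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        if (!ctype_digit($part)) {            // reject instead of "cleaning up"
            throw new InvalidArgumentException('invalid forum id');
        }
        $ids[] = (int) $part;
    }
    // Only placeholders reach the SQL text; the ids travel as bound integers.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    return [" AND f.fid IN ($marks)", $ids];
}

// $title and $comma are set inside the function before use, so nothing
// from the request can seed them. $prefix must be a trusted constant.
function forum_title(PDO $db, string $prefix, string $rawFids): string
{
    [$where, $ids] = build_forum_filter($rawFids);
    $stmt = $db->prepare("SELECT fid, name FROM {$prefix}forums f WHERE 1=1$where ORDER BY f.fid");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    $title = '';
    $comma = ' - ';
    while ($forum = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $title .= $comma . $forum['name'];
        $comma = ', ';
    }
    return $title;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mybb_forums (fid INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO mybb_forums VALUES (1,'News'),(2,'Support'),(3,'Staff')");
echo forum_title($db, 'mybb_', '1,2'), "\n";
try {
    echo forum_title($db, 'mybb_', '1) OR 1=1'), "\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```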



Copyright 2015, cxsecurity.com