Bug: mybb v1.1.1(rss.php) SQL Injection Exploit ( Ascii Version )

Search:
WLB2

mybb v1.1.1(rss.php) SQL Injection Exploit

Published
Credit
Risk
2006.05.27
Breeeeh & CrAzY CrAcKeR
Medium
CWE
CVE
Local
Remote
CWE-89
CVE-2006-2589
CVE-2006-2601
No
Yes

----------------------------------

Foud By: Breeeeh & CrAzY CrAcKeR

Site: www.alshmokh.com

Email:Breeeeh (at) hotmail (dot) com [email concealed]

----------------------------------

$query = $db->query("SELECT * FROM ".TABLE_PREFIX."forums f WHERE 1=1 $forumlist");

$comma = " - ";

while($forum = $db->fetch_array($query))

{

$title .= $comma.$forum['name'];

$forumcache[$forum['fid']] = $forum;

$comma = ", ";

----------------------------------

Example:

/rss.php?...$comma=[SQL]

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version