MyBB v1.1.1 (rss.php) SQL Injection Exploit

2006.05.27
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89

----------------------------------
Found By: Breeeeh & CrAzY CrAcKeR
Site: www.alshmokh.com
Email: Breeeeh (at) hotmail (dot) com
----------------------------------
// $forumlist is interpolated into the SQL text as-is
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."forums f WHERE 1=1 $forumlist");
$comma = " - ";
while($forum = $db->fetch_array($query))
{
    $title .= $comma.$forum['name'];
    $forumcache[$forum['fid']] = $forum;
    $comma = ", ";
}
----------------------------------
Example:
/rss.php?...$comma=[SQL]
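The query in the excerpt places $forumlist into the SQL text directly. One way to build the same forum filter with bound parameters, as an added example that is not MyBB's code or the advisory authors': the comma-separated id input, the helper names parse_forum_ids and fetch_forums, and the SQLite demo data are assumptions.

```php
<?php
// Added illustration, not MyBB source. TABLE_PREFIX and the forums table
// mirror the excerpt; the comma-separated id list is an assumed input format.
const TABLE_PREFIX = 'mybb_';
// Reduce untrusted text to a de-duplicated list of positive integer ids.
function parse_forum_ids(string $raw): array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        if (ctype_digit($part) && (int)$part > 0) {
            $ids[(int)$part] = true;
        }
    }
    return array_keys($ids);
}

// One bound placeholder per id: request text never becomes part of the SQL string.
function fetch_forums(PDO $db, array $ids): array
{
    if ($ids === []) {
        return [];                       // nothing valid requested, nothing returned
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $sql   = 'SELECT fid, name FROM ' . TABLE_PREFIX . "forums WHERE fid IN ($marks) ORDER BY fid";
    $stmt  = $db->prepare($sql);
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mybb_forums (fid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO mybb_forums VALUES (1,'General'),(2,'Support'),(3,'Staff')");

// Constructed inputs: a plain list, a list with junk, and one carrying SQL text.
foreach (['1,2', '2, 2 ,x', '1 OR 1=1'] as $raw) {
    $title = '';
    $comma = ' - ';                      // set locally before first use
    foreach (fetch_forums($db, parse_forum_ids($raw)) as $forum) {
        $title .= $comma . $forum['name'];
        $comma  = ', ';
    }
    printf("%-10s => %s\n", $raw, $title === '' ? '(no forums)' : $title);
}
```

Run it with the PHP CLI; it needs the pdo_sqlite extension.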

