MyBB MyStatus 3.1 SQL Injection

2011.10.13
Credit: Mario_Vs
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

--------------------------------------------------------------------- Exploit Title : MyBB MyStatus 3.1 --------------------------------------------------------------------- Author : Mario_Vs Date : 10/10/2011 Site : http://mariovs.pl/ @ : mario_vs[at]o2.pl --------------------------------------------------------------------- Description > Vendor : http://mods.mybb.com/download/mystatus Tested On : Windows 7 --------------------------------------------------------------------- SQL Injection http://localhost/mybb/process-mystatus.php?action=delete&statid=[SQLi] --------------------------------------------------------------------- --------------------------------------------------------------------- Greets To: linc0ln.dll, j4ck, lDoran, ElusiveN, d3dik, thc_flow, PricK, artii2 All users: HackinQ.pl


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top