CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-89 | N/A | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Exploit Alert | High | Remote | 2012-12-04 |

# Exploit Title: AwayList MyBB plugin SQLi 0day
# Google Dork: inurl:"awaylist.php"
# Exploit Author: Red_Hat [NullSec]
# Software Link: http://mods.mybb.com/view/awaylist
# Tested on: Windows & Linux.

Vulnerable code :

```php
<?php
$query = $db->simple_select( // 245
    "awaylist", '*', "id = '" . $mybb->input['id'] . "'" // 246
); // 247
$item = $db->fetch_array($query); // 248
?>
```

The variable '$mybb->input['id']' remains unsanitized.

Usage : http://www.site.com/index.php?action=editAwlItem&id=[SQLi]

Shoutout to Zixem (Checked to see if it worked) <3 & NullSec :3
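
The concatenation flaw described above next to a hardened lookup, as an added example that is not part of the original advisory or the plugin's code. An in-memory SQLite database reached through PDO stands in for MyBB's `$db`; the table rows, function names and sample inputs are constructed for the demonstration.

```php
<?php
// Added example. SQLite via PDO is a stand-in for MyBB's database layer;
// the rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE awaylist (id INTEGER PRIMARY KEY, username TEXT, reason TEXT)");
$pdo->exec("INSERT INTO awaylist VALUES (1, 'alice', 'holiday'), (2, 'bob', 'conference')");

// Same pattern as the advisory's snippet: the request value is pasted
// between the quotes of the WHERE clause (hypothetical helper name).
function find_item_concat(PDO $pdo, string $rawId): array
{
    $sql = "SELECT * FROM awaylist WHERE id = '" . $rawId . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form (hypothetical helper name): accept only a positive integer,
// then bind it as a typed parameter so it can never become SQL syntax.
function find_item_safe(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a plain positive integer
    }
    $stmt = $pdo->prepare("SELECT * FROM awaylist WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one valid id, one value that closes the quote and
// appends a condition, and two malformed ids.
$inputs = ['2', "2' OR '1'='1", 'abc', '-5'];
foreach ($inputs as $raw) {
    printf(
        "%-18s concat=%d row(s)  safe=%d row(s)\n",
        var_export($raw, true),
        count(find_item_concat($pdo, $raw)),
        count(find_item_safe($pdo, $raw))
    );
}
```

Inside MyBB itself the same effect comes from casting the value, for example `(int)$mybb->input['id']`, or passing it through `$db->escape_string()` before it reaches `simple_select()`. This is a general mitigation, not the plugin maintainer's patch.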