MyBB 1.6.9 – ‘editpost.php?posthash’ Blind SQL Injection

• Exploit Database
• 91 阅读

• 作者： Joshua Rogers
  日期： 2012-12-31
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/23781/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

  MyBB <1.6.9 is vulnerable to Stored, Error based, SQL Injection.   Vulnerable code:   /editpost.php   === Line 398 === $posthash_query = "posthash=&apos;{$posthash}&apos; OR "; ===     It can be done by using Tamper Data(Or Live HTTP Headers), and when submitting a post, edit the &apos;posthash&apos; POST parameter to your payload, submitting, then going to edit your post.     Small "HOWTO" in picture: http://imgur.com/a/JxfEI   This bug was not found by me, but afaik, I am the first one to release it.     -- *Joshua Rogers* - Retro Game Collector && IT Security Specialist gpg pubkey <http://www.internot.info/docs/gpg_pubkey.asc.gpg>