|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 808 CVE : CVE-2006-2103 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : Yes Exploit Available : Yes Credit : o y 6 hotmail com Published : 01.05.2006
Advisory Content : MyBB Local SQL Injections .. [ This Local Injections Only For Admin ] * 1 * [code] adminfunctions.php , line 730 $db->query("INSERT INTO ".TABLE_PREFIX."adminlog (uid,dateline,scriptname,action,querystring,ipaddress) VALUES ('".$mybbadmin['uid']."','".$now."','".$scriptname."','".$mybb->input['a ction']."','".$querystring."','".$ipaddress."')"); $querystring = Not Filtered Exploit Exm. /admin/adminlogs.php?action=view&D3vil-0x1=[SQL]' Fix , Replace with $db->query("INSERT INTO ".TABLE_PREFIX."adminlog (uid,dateline,scriptname,action,querystring,ipaddress) VALUES ('".$mybbadmin['uid']."','".$now."','".$scriptname."','".$mybb->input['a ction']."','".addslashes($querystring)."','".$ipaddress."')"); [/code] * 2 * [code] templates.php , lines 107 to 114 $newtemplate = array( "title" => addslashes($mybb->input['title']), "template" => addslashes($mybb->input['template']), "sid" => $mybb->input['setid'], "version" => $mybboard['vercode'], "status" => "", "dateline" => time() ); sid = Not Filtered Exploit Exm. /admin/templates.php?action=do_add&title=Devil&template=Div&setid=[SQL]' Fix Replace with $newtemplate = array( "title" => addslashes($mybb->input['title']), "template" => addslashes($mybb->input['template']), "sid" => addslashes($mybb->input['setid']), "version" => $mybboard['vercode'], "status" => "", "dateline" => time() ); [/code] * 3 * [code] templates.php , line 600 $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templatesets WHERE sid='".$expand."'"); $expand = $mybb->input['expand']; = Not Filtered Exploit Exm. /admin/templates.php?expand=' UNION ALL SELECT 1,2/* Fix Replace With $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templatesets WHERE sid='".intval($expand)."'"); [/code] * 4 * [code] templates.php , line 424 $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".$mybb->input['title']."' AND sid='".$mybb->input['sid1']."'"); $template1 = $db->fetch_array($query); $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".$mybb->input['title']."' AND sid='".$mybb->input['sid2']."'"); Exploit Exm. /admin/templates.php?action=diff&title=[SQL]' /admin/templates.php?action=diff&sid2=[SQL]' Fix Replace With $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".addslashes($mybb->input['title'])."' AND sid='".intval($mybb->input['sid1'])."'"); $template1 = $db->fetch_array($query); $query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".addslashes(($mybb->input['title'])."' AND sid='".intval($mybb->input['sid2'])."'"); [/code] MyBB Has Many Local Bugs ,, Fix It s00n ;)  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |