MyBB Code Injection Vulnerability

Uploaded by on Dec 21, 2010

MyBB LFI vuln. described. Please don't use it for bad ideas. It is just for educational purposes.

Rıdvan KARATAŞ (r1dv4n@gmail.com)
Certified Ethical Hacker

Category:

Science & Technology

License:

Standard YouTube License

Uploader Comments (r1dv4n)

  • Then, what should I type into the textfield?

    I tried this:

    none'; update mybb_users set usergroup=4 where uid=1212 or '

    This doesn't work, it's blocked by something like @burakbozyigit said (addslashes()) =))

  • @TaiAnjingLu As I said in the introduction, I share this vuln. for educational purposes. I couldn't show what you should type into the textfield. And yes, it works on versions 1.4.4 and 1.4.6.

  • Hello burakbozyigit,

    The root of the vulnerability is not addslashes but the fact that mysql_real_escape_sctrings(); is not used. Also, the issue has to do with the MyBB forum system, not with me. I know what I will hear and what I will know, don't worry :)

All Comments (7)

  • This worked on old MyBB. I hacked a forum using your way, produces an empty select box.

    Thanks.

  • inglish fucking

  • Didn't you ever hear of a function called "addslashes();"?
