Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: b06-1896.htm

MyBB 1.1.1 Local SQL Injections



MyBB 1.1.1 Local SQL Injections
MyBB 1.1.1 Local SQL Injections



MyBB Local SQL Injections ..=0D
=0D
	[ This Local Injections Only For Admin ]=0D
=0D
* 1 *=0D
[code]=0D
	adminfunctions.php , line 730=0D
=0D
$db->query("INSERT INTO ".TABLE_PREFIX."adminlog (uid,dateline,scriptname,action,querystring,ipaddress) VALUES ('".$mybbadmin['uid']."','".$now."','".$scriptname."','".$mybb->input['action']."','".$querystring."','".$ipaddress."')");=0D
=0D
$querystring = Not Filtered=0D
=0D
	Exploit Exm.=0D
    	/admin/adminlogs.php?action=view&D3vil-0x1=[SQL]'=0D
=0D
Fix , Replace with=0D
=0D
$db->query("INSERT INTO ".TABLE_PREFIX."adminlog (uid,dateline,scriptname,action,querystring,ipaddress) VALUES ('".$mybbadmin['uid']."','".$now."','".$scriptname."','".$mybb->input['action']."','".addslashes($querystring)."','".$ipaddress."')");=0D
[/code]=0D
=0D
* 2 *=0D
[code]=0D
	templates.php , lines 107 to 114=0D
=0D
$newtemplate = array(=0D
	"title" => addslashes($mybb->input['title']),=0D
	"template" => addslashes($mybb->input['template']),=0D
	"sid" => $mybb->input['setid'],=0D
	"version" => $mybboard['vercode'],=0D
	"status" => "",=0D
	"dateline" => time()=0D
);=0D
=0D
sid = Not Filtered=0D
=0D
	Exploit Exm.=0D
    	/admin/templates.php?action=do_add&title=Devil&template=Div&setid=[SQL]'=0D
=0D
Fix Replace with=0D
=0D
$newtemplate = array(=0D
		"title" => addslashes($mybb->input['title']),=0D
		"template" => addslashes($mybb->input['template']),=0D
		"sid" => addslashes($mybb->input['setid']),=0D
		"version" => $mybboard['vercode'],=0D
		"status" => "",=0D
		"dateline" => time()=0D
);=0D
[/code]=0D
=0D
* 3 *=0D
[code]=0D
	templates.php , line 600=0D
=0D
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templatesets WHERE sid='".$expand."'");=0D
=0D
$expand = $mybb->input['expand']; = Not Filtered=0D
=0D
	Exploit Exm.=0D
    	/admin/templates.php?expand=' UNION ALL SELECT 1,2/*=0D
=0D
Fix Replace With=0D
=0D
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templatesets WHERE sid='".intval($expand)."'");=0D
[/code]=0D
=0D
* 4 *=0D
[code]=0D
	templates.php , line 424=0D
=0D
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".$mybb->input['title']."' AND sid='".$mybb->input['sid1']."'");=0D
	$template1 = $db->fetch_array($query);=0D
=0D
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".$mybb->input['title']."' AND sid='".$mybb->input['sid2']."'");=0D
=0D
	Exploit Exm.=0D
    	/admin/templates.php?action=diff&title=[SQL]'=0D
        /admin/templates.php?action=diff&sid2=[SQL]'=0D
=0D
Fix Replace With=0D
=0D
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".addslashes($mybb->input['title'])."' AND sid='".intval($mybb->input['sid1'])."'");=0D
	$template1 = $db->fetch_array($query);=0D
=0D
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."templates WHERE title='".addslashes(($mybb->input['title'])."' AND sid='".intval($mybb->input['sid2'])."'");=0D
[/code]=0D
=0D
MyBB Has Many Local Bugs ,, Fix It s00n ;)=0D
=0D
=0D
=0D


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH