MyBB editpost.php posthash - SQL Injection Vulnerability

2012-12-31T00:00:00
ID EDB-ID:23781
Type exploitdb
Reporter Joshua Rogers
Modified 2012-12-31T00:00:00

Description

MyBB (editpost.php posthash) - SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            MyBB <1.6.9 is vulnerable to Stored, Error based, SQL Injection.

Vulnerable code:

/editpost.php

===
Line 398
===
$posthash_query = "posthash='{$posthash}' OR ";
===


It can be done by using Tamper Data(Or Live HTTP Headers), and when
submitting a post, edit the 'posthash' POST parameter to your payload,
submitting, then going to edit your post.


Small "HOWTO" in picture: http://imgur.com/a/JxfEI

This bug was not found by me, but afaik, I am the first one to release it.


-- 
*Joshua Rogers* - Retro Game Collector && IT Security Specialist
gpg pubkey <http://www.internot.info/docs/gpg_pubkey.asc.gpg>