Lucene search
+L

MyBB 1.6 SQL Injection

🗓️ 24 Dec 2010 00:00:00Reported by Aung KhantType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 22 Views

MyBB 1.6 SQL Injection Vulnerability, upgrade to 1.6.

Code
`=================================  
MyBB 1.6 <= SQL Injection Vulnerability  
=================================  
  
  
  
1. OVERVIEW  
  
Potential SQL Injection vulnerability was detected in MyBB.  
  
  
2. APPLICATION DESCRIPTION  
  
MyBB is a free bulletin board system software package developed by the  
MyBB Group.  
It's supposed to be developed from XMB and DevBB bulletin board applications.  
  
  
3. VULNERABILITY DESCRIPTION  
  
The "keywords" parameter was not properly sanitized in /private.php  
and /search.php which leads to SQL Injection vulnerability.  
Full exploitation possibility is probably mitigated by clean_keywords  
and clean_keywords_ft functions in inc/functions_search.php.  
  
  
4. VERSIONS AFFECTED  
  
MyBB 1.6 and lower  
  
  
5. PROOF-OF-CONCEPT/EXPLOIT  
  
=> /search.php  
  
POST /mybb/search.php  
  
action=do_search&forums=2&keywords='+or+'a'+'a&postthread=1  
  
  
=> /private.php  
  
POST /mybb/private.php  
  
my_post_key=&keywords='+or+'a'+'a&quick_search=Search+PMs&allbox=Check+All&fromfid=0&fid=4&jumpto=4&action=do_stuff  
  
  
6. SOLUTION  
  
Upgrade to 1.6.1  
  
  
7. VENDOR  
  
MyBB Development Team  
http://www.mybb.com/  
  
  
8. CREDIT  
  
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN  
Ethical Hacker Group, Myanmar.  
  
  
9. DISCLOSURE TIME-LINE  
  
2010-12-09: notified vendor  
2010-12-15: vendor released fixed version  
2010-12-24: vulnerability disclosed  
  
  
10. REFERENCES  
  
Original Advisory URL:  
http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection  
About MyBB: http://www.mybb.com/about/mybb  
  
  
#yehg [2010-12-24]  
  
  
---------------------------------  
Best regards,  
YGN Ethical Hacker Group  
Yangon, Myanmar  
http://yehg.net  
Our Lab | http://yehg.net/lab  
Our Directory | http://yehg.net/hwd  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation