16 matches found
MyBulletinBoard (MyBB) <= 1.2.11 private.php SQL Injection Exploit
No description provided by source. !/usr/bin/perl MyBB =1.2.11 SQL Injection Exploit based on http://www.waraxe.us/advisory-64.html Needs MySQL =4.1 and a valid registration. By F use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; use HTML::Entities; print\n; print\n; print MyBB =1.2.11 SQL...
KikChat - Local File Inclusion / Remote Code Execution
KikChat http://127.0.0.1/KikChat/myroom/shell.php?cmd=whoami;id;uname -a;pwd;ls -al makase banyak : tau lo bentor to hulandalo tamongodula'a wau tamohutata, dulo ito momongulipu \\\\\\\\\\\\\\\\\\\\\\\\\ p.s malandingalo wa'u sebenarnya mohutu sploitz bo sekedar koleksi saja...
Sql injection
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this...
CVE-2010-5096
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this...
CVE-2010-5096
Multiple SQL injection vulnerabilities in MyBB (MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in do_search (search.php) or do_stuff (private.php). Vendor disputes claim of true SQL injection, noting it may only produce general SQ...
Vulnerabilities in MyBB
Hello 3APA3A! I am writing to inform you of the Cross-Site Scripting and SQL DB Structure Extraction vulnerabilities I found in MyBB. The vulnerabilities are present in the search.php and private.php scripts. XSS WASC-08: http://websecurity.com.ua/uploads/2011/MyBB20XSS.html...
MyBB 1.6 - private.php?keywords SQL Injection
MyBB 1.6 - private.php?keywords SQL Injection source: https://www.securityfocus.com/bid/45565/info MyBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker ...
MyBB < 1.2.12 private.php options[disablesmilies] Parameter SQL Injection
Binary data 4353.prm...
Cross site scripting
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949...
CVE-2007-0544
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949...
CVE-2007-0544
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949...
Jaws 0.5.2 - '/include/JawsDB.php' Remote File Inclusion
ToXiC Jaws 0.5.2: Remote File Inclusion by ToXiC CreW ToXic Security Italian CreW BuG FounD by Drago84 Application Affect: jaws 0.5.2 Source Code: http://forge.novell.com/modules/xfcontent/private.php/jaws/jaws-0.5.2/jaws-0.5.2.tar.gz Page: JawsDB.php Problem: GLOBALS"path" not Declare Dir :...
MyBB 1.1.2 New XSS
// MyBB 1.1.2 New XSS File :- private.php Ver. :- $do = $mybb->input['do']; Line :- 260 Action :- Preview HTTP Proof :-...
MyBB1.0.3-private.txt
ORIGINAL ADVISORY imei addmimistrator Risk Level: high Description There is a security bug in MyBB 1.0.3 software (latest version, fully patched), file private.php, that allows an attacker to perform an SQL injection attack. The bug is the result of poor checking of quotations for user supplied...
[myimei]MyBB 1.0.3~private.php~multiple SqlInjection
ORIGINAL ADVISORY/ http://myimei.com/security/2006-02-11/mybb-103privatephpmultiple-sqlinjection.html Vendor Credit:http://community.mybboard.net/showthread.php?tid=6777 ——————-Summary—————- Software: MyBB Software’s Web Site: http://www.mybboard.com Versions: 1.0.3 Class: Remote Status: Unpatche...
vBulletin 2.x - private.php Cross-Site Scripting
vBulletin 2.x - private.php Cross-Site Scripting source: https://www.securityfocus.com/bid/9940/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'private.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for...