
Mybb 1.6.2 Sql Injection Exploit


ShadowNET


---------------------------------------------------------------------------------------------------

# Author: Envy
# Website: www.leethackers.org/board/
# Shouts: www.HackHound.org
# This is a MyBB 1.6.2 SQL Injection Exploit. The search.php is affected. The SQLi can be performed
  and the username + password of admins and users stolen.
# Google Dork: intext:Powered by MyBB 1.6.2

---------------------------------------------------------------------------------------------------

Proof of Concept:


Find a forum that is powered by MyBB 1.6.2 using the dork I provided.

On most forums, you will need to register to use the search function. After you are there, enter this in the textbox:

' or ' or 1337'

Now hit Enter and you will see an error: You have an error in your SQL Syntax. 

Now you can perform a SQL Injection Attack. This is nothing for newbies, so please do not ask how to inject it then. MyBB 1.6.1 is vulnerable also! 

# www.leethackers.org

I am Envy, maybe you saw me in the Hacking scene :)


Have you tried this yourself?


Yes, I also discovered it. Worked on most of the forums I found.

Interesting, I tried on another forum I am registered with and didn't quite get the same results.

I would guess they have already patched up the vulnerability.


There have been vulns similar to this for MyBB 1.6.x since at least October 2010. If you find something like this, you should report it to the vendor and send in your proof of concept to the exploit database for verification. What works on one server doesn't always work on another, and could be a flaw in their security settings as well. Even if the software was vulnerable to SQL injection attack, if they have other security mechanisms in place, finding a site with the same version might not show the same results. Depends on how well they secure it to begin with.


Basic SQL injection. Sanitizing queries solves that problem.

How something so simple can really screw up your system security. Whenever I write apps in PHP, I always sanitize all the inputs, ensuring all the inputs are valid. I think it's something that web application developers should practice more often, to ensure a safer web.


  • 2 weeks later...

How something so simple can really screw up your system security. Whenever I write apps in PHP, I always sanitize all the inputs, ensuring all the inputs are valid. I think it's something that web application developers should practice more often, to ensure a safer web.

I couldn't agree more. However, the issue still remains that web developers too often do not have any or much security experience with the tools which they use. I suspect that as time progresses we will see this trend change, but likely not any time soon.

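The mitigation raised in the replies above, shown as an added example that is not part of the thread and is not MyBB's code: a search query built by string concatenation beside the same query with a bound parameter. The `posts` table, the function names `search_concat` and `search_bound`, and the in-memory SQLite database (PHP's `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for a forum's posts; not MyBB's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (pid INTEGER PRIMARY KEY, message TEXT)');
$db->exec("INSERT INTO posts (message) VALUES
    ('hello world'), ('it''s a quote test'), ('100% done')");

// Vulnerable pattern: the search keyword is concatenated into the SQL text,
// so a quote in the input changes the structure of the statement.
function search_concat(PDO $db, string $keywords): array
{
    $sql = "SELECT pid, message FROM posts WHERE message LIKE '%" . $keywords . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the SQL text is fixed and the keyword travels as a bound
// value. LIKE wildcards in the input are escaped so they match literally.
function search_bound(PDO $db, string $keywords): array
{
    $escaped = strtr($keywords, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $stmt = $db->prepare(
        "SELECT pid, message FROM posts WHERE message LIKE :kw ESCAPE '\\'"
    );
    $stmt->execute([':kw' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain word, an ordinary apostrophe, the string quoted
// in the first post, and a keyword containing a LIKE wildcard.
foreach (["hello", "it's", "' or ' or 1337'", "100%"] as $input) {
    try {
        $concat = count(search_concat($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        // The concatenated query no longer parses: the "error in your SQL
        // syntax" symptom described in the first post.
        $concat = 'SQL error: ' . $e->getMessage();
    }
    $bound = count(search_bound($db, $input)) . ' row(s)';
    printf("%-20s concat => %s | bound => %s\n", json_encode($input), $concat, $bound);
}
```

With the concatenated query, even the ordinary apostrophe in "it's" breaks the statement, which makes quote-containing search terms a simple regression test for this class of bug.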
