ShadowNET
Posted March 27, 2011

---------------------------------------------------------------------------------------------------
# Author: Envy
# Website: www.leethackers.org/board/
# Shouts: www.HackHound.org
# This is a MyBB 1.6.2 SQL Injection Exploit. The search.php is affected. The SQLi can be performed and the username + password of admins and users stolen.
# Google Dork: intext:Powered by MyBB 1.6.2
---------------------------------------------------------------------------------------------------
Proof of Concept:
Find a forum that is powered by MyBB 1.6.2 using the dork I provided. On most forums, you will need to register to use the search function.
After you are there, enter this in the textbox: ' or ' or 1337'
Now hit Enter and you will see an error: You have an error in your SQL Syntax.
Now you can perform a SQL Injection Attack. This is nothing for newbies, so please do not ask how to inject it then.
MyBB 1.6.1 is vulnerable also!
# www.leethackers.org
I am Envy, maybe you saw me in the Hacking scene :)

Infiltrator
Posted March 27, 2011

Have you tried this yourself?

ShadowNET (Author)
Posted March 27, 2011

> Have you tried this yourself?

Yes, I also discovered it. Worked on most of the forums I found.

Infiltrator
Posted March 27, 2011

> Yes, I also discovered it. Worked on most of the forums I found.

Interesting, I tried on another forum I am registered with and didn't quite get the same results. I would guess they have already patched up the vulnerability.

ShadowNET (Author)
Posted March 27, 2011

> Interesting, I tried on another forum I am registered with and didn't quite get the same results. I would guess they have already patched up the vulnerability.

Mind PM'ing me the Forum?

digip
Posted March 27, 2011

There have been vulns similar to this for MyBB 1.6.x since at least October 2010. If you find something like this, you should report it to the vendor and send in your proof of concept to the exploit database for verification. What works on one server doesn't always work on another, and could be a flaw in their security settings as well. Even if the software was vulnerable to SQL injection attack, if they have other security mechanisms in place, finding a site with the same version might not show the same results. Depends on how well they secure it to begin with.

Mr-Protocol
Posted March 27, 2011

Basic SQL injection. Sanitizing queries solves that problem.

Infiltrator
Posted March 27, 2011

> Basic SQL injection. Sanitizing queries solves that problem.

How something so simple can really screw up your system security. Whenever I write apps in PHP, I always sanitize all the inputs, ensuring all the inputs are valid. I think it's something that web application developers should practice more often, to ensure a safer web.

L1f3less
Posted April 7, 2011

> How something so simple can really screw up your system security. Whenever I write apps in PHP, I always sanitize all the inputs, ensuring all the inputs are valid. I think it's something that web application developers should practice more often, to ensure a safer web.

I couldn't agree more. However, the issue still remains that web developers too often do not have any or much security experience with the tools which they use. I suspect that as time progresses we will see this trend change, but likely not any time soon.
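
The fix the replies above point to, keeping the search input out of the SQL text, as an added example (not code from this thread or from MyBB). It assumes a constructed SQLite table standing in for a forum's posts; `searchConcatenated` and `searchPrepared` are hypothetical names, and the first test input is the string from the opening post.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a forum search backend (hypothetical table and rows).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (pid INTEGER PRIMARY KEY, subject TEXT)');
$db->exec("INSERT INTO posts (subject) VALUES ('Welcome to the board'), ('It''s 100% done')");

// Before: the keyword is pasted into the SQL text, so a quote in it ends the literal.
function searchConcatenated(PDO $db, string $keywords): array
{
    $sql = "SELECT subject FROM posts WHERE subject LIKE '%" . $keywords . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed and the keyword travels separately as a bound value.
function searchPrepared(PDO $db, string $keywords): array
{
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $pattern = '%' . addcslashes($keywords, '\\%_') . '%';
    $stmt = $db->prepare("SELECT subject FROM posts WHERE subject LIKE :p ESCAPE '\\'");
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The string from the opening post, an ordinary apostrophe, and a literal percent sign.
foreach (["' or ' or 1337'", "It's", '100%'] as $input) {
    try {
        $old = count(searchConcatenated($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        // The stray quote changed the statement's structure instead of being searched for.
        $old = 'SQL error: ' . $e->getMessage();
    }
    $new = count(searchPrepared($db, $input)) . ' row(s)';
    printf("%-18s concatenated: %s | prepared: %s\n", $input, $old, $new);
}
```

The concatenated version fails even on the harmless apostrophe in "It's", which is a quick way to spot this class of bug in testing; the prepared version treats every input as data to search for.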