MyBB Profile Albums Plugin 0.9 (albums.php, album parameter) SQL Injection

MyBB Profile Albums Plugin 0.9 (albums.php, album parameter) SQL Injection açığı bulundu.
Açık hakkında oluşum yerleri ve gerekli açıklamalar;

# Exploit Title: Profile Albums MyBB plugin SQL Injection 0day
# Google Dork: inurl:albums.php intext:"powered by Mybb"
# Date: 14.10.2012
# Exploit Author: Th3FreakPony
# Software Link: http://mods.mybb.com/view/profilealbums
# Version: 0.9
# Tested on: Linux.
----------------------------------------------

The vulnerabillity exist within albums.php :

	<?
		/*Line 69*/	$aid = $mybb->input['album']; 
		/*Line 86*/	$query_add_breadcrumb = $db->simple_select("albums", "*", "aid='".$aid."'");
	?>

/albums.php?action=editimage&image=[Vaild_ID]&album=[Vaild_album_ID][SQLi]

(You need to create a new account && upload album and images)
----------------------------------------------
Image : http://i.imgur.com/yeAx0.png


Follow: https://twitter.com/PonyBlaze

One comment

  1. webpage dedi ki:

    I am curious to find out what blog system you have been using?
    I’m experiencing some small security issues with my latest blog and I’d like
    to find something more safe. Do you have any recommendations?

Bir Cevap Yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir