MyBB 1.0.2 SQL injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MyBB 1.0.2 SQL injection
From: addmimistrator@xxxxxxxxx
Date: 13 Jan 2006 11:37:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hey
this is a bug report for mybb software ( forum software downloadable from 
http://www.mybboard.com)
bug found by imei;
bug is in usercp.php file line 830 (ver 1.0.2 latest ver) that allows SQL 
injection
bug is in result of poor checking for $mybb->input['threadmode'] value that can 
have quote and can change other fields' values and may result to full access to 
admin cp (by injecting usergroup field)
bug is reported to vendor and perhaps they will patched it soon.

bests
imei

Prev by Date: WMF vulnerability was a deliberate backdoor?
Next by Date: DCP Portal Cross-Site Scripting Vulnerability
Previous by thread: RE: WMF vulnerability was a deliberate backdoor?
Next by thread: DCP Portal Cross-Site Scripting Vulnerability
Index(es):
- Date
- Thread