Re: MyBB 1.0.2 SQL injection in usercp.php

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: MyBB 1.0.2 SQL injection in usercp.php
From: o.y.6@xxxxxxxxxxx
Date: 15 Jan 2006 16:28:39 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hiz .. look at phpMyAdmin or you database

threadmode << After >> usergroup .. then you can't edit usergroup to get super 
acsses to any user you wn't

UPDATE Query :- 

','','','')/* Only You CAn Edit

showsigs         showavatars     showquickreply         ppp      tpp     
daysprune       dateformat      timeformat      timezone        dst     
buddylist  ignorelist           style           away    awaydate  returndate    
awayreason      pmfolders       notepad         rating          referrer        
reputation      regip           language        timeonline      showcodebuttons

//* Do You Have Any Idea For That ? *//

Prev by Date: Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust
Next by Date: [eVuln] Benders Calendar SQL Injection
Previous by thread: MyBB 1.0.2 SQL injection in usercp.php
Next by thread: WMF vulnerability was a deliberate backdoor?
Index(es):
- Date
- Thread