[myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts
From: addmimistrator@xxxxxxxxx
Date: 7 Feb 2006 22:56:23 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

ORIGINAL ADVISORY :
http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html
??????-Summary?????-
Software: MyBB
Sowtware?s Web Site: http://www.mybboard.com
Versions: 1.0.3
Class: Remote
Status: Unpatched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level: high
??????Description?????
There is a security bug in MyBB 1.0.3 software (latest version fully patched) 
file moderation.php that allows attacker performe an SQLINJECTION attack. bug 
is in result of poor checking quotes for ?posts? input variable. Attacker with 
enough permissions in moderation and merging posts can perform any one of 
UPDATE / DELETE / and SELECT query on db.
?????Exploit???????-
mybb/moderation.php?posts=[firstpid]|[secondpid]?[SQL]
&tid=[containertid]&action=do_multimergeposts&sep=hr
?????Solution???????
Not Available
?????Credit????????
Discovered by: imei addmimistrator
addmimistrator[4]gmail[O]com
www.myimei.com
security.myimei.com
original advis:
http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html

Prev by Date: [myimei]MyBB 1.0.2 XSS attack in search.php
Next by Date: [ MDKSA-2006:037 ] - Updated mozilla-firefox packages to address DoS vulnerability
Previous by thread: Re: [myimei]MyBB 1.0.2 XSS attack in search.php
Next by thread: [ MDKSA-2006:037 ] - Updated mozilla-firefox packages to address DoS vulnerability
Index(es):
- Date
- Thread