[KAPDA]http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html
ORIGINAL ADVISORY:
http://kapda.ir/page-advisory.html
http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html
??????-Summary?????-
Software: MyBB
Sowtware?s Web Site: http://www.mybboard.com
Versions: 1.1.4
Class: Remote
Status: Patched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level: Medium
??????Description?????
There is a security bug in MyBB 1.1.4 software (latest version fully patched)
that allows attacker initualize arbitary varables with arbitary values and
perform many attck kinds same SQLINJECTION attack.
READ ORIGINAL ADVISORY FOR MORE DETAIL