MyBB <1.6.9 is vulnerable to Stored, Error based, SQL Injection.

Vulnerable code:


Line 398
$posthash_query = "posthash='{$posthash}' OR ";

It can be done by using Tamper Data(Or Live HTTP Headers), and when
submitting a post, edit the 'posthash' POST parameter to your payload,
submitting, then going to edit your post.

Small "HOWTO" in picture:

This bug was not found by me, but afaik, I am the first one to release it.

*Joshua Rogers* - Retro Game Collector && IT Security Specialist
gpg pubkey <>
Rate this post
Брой прочитания на тази страница: 1176
MyBB (editpost.php, posthash) SQL Injection Vulnerability
Tagged on:

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *