mybb com

Edit Note: The page width is insufficient. If you want to view details in this article, please copy all the selected content to your computer notepad or Word document,The full text is displayed. MyBB 1.4 admin remote code execution vulnerabilityby flyh4tteam: http://www.80vul.comdate : 2010-01-10 test version MyBB 1.44.11 [1] vulnerability analysis in index. the code for the PHP file is about 336 lines: [co

Release date:Updated on: Affected Systems:MyBB dymy-user-agentDescription:--------------------------------------------------------------------------------Bugtraq id: 56931 The DyMy User Agent plug-in can be used to place small browsers and OS badges in the post based on the User Agent string. The MyBB DyMy User Agent (newreply. php) does not properly filter User-Agent Fields entered by users. The SQL injection vulnerability exists. Remote attackers ca

Affected Versions: MyBB 1.4.8Vulnerability Description: bugtraq id: 36463,36460 MyBB is a popular Web forum program. MyBB allows you to copy user names of other users and place spaces with a width of 0 in them. These two usernames seem completely consistent, which may lead to spoofing attacks. MyBB does not properly

MyBB Profile Album Plugin 'alipay' parameter SQL Injection Vulnerability Release date:Updated on: Affected Systems:MyBB Profile Album 0.9Description:--------------------------------------------------------------------------------Bugtraq id: 55943 MyBB is a popular Web forum program. The Profile Album plug-in has a security vulnerability. After successful exploitation, attackers can control applications,

Release date:Updated on: Affected Systems:MyBB 1.6.8Description:--------------------------------------------------------------------------------Bugtraq id: 53814 MyBB is a popular Web forum program. MyBB 1.6.8 has the SQL injection vulnerability. After successful exploitation, attackers can control applications, access or modify data, or exploit other vulnerabilities. *> Test method:-------------------

Release date: 2011-11-25Updated on: 2011-11-28 Affected Systems:MyBB 1.xDescription:--------------------------------------------------------------------------------Bugtraq id: 50816 MyBB is a popular Web forum program. MyBB has multiple security vulnerabilities, including cross-site scripting, cross-site request forgery, and other vulnerabilities. Attackers can exploit these vulnerabilities to execute ar

Release date:Updated on: Affected Systems:MyBB Profile BlogDescription:--------------------------------------------------------------------------------Bugtraq id: 56897 MyBB is a popular Web forum program. The Profile Blog plug-in can write information on the configuration page. Profile Blog 1.2 and other versions of/plugins/profileblogs. php have security vulnerabilities, which can cause SQL injection and XSS storage attacks. Link: http://packetstorm

Release date:Updated on: Affected Systems:MyBB 1.xDescription:--------------------------------------------------------------------------------Bugtraq id: 56960 MyBB is a fully functional and practical forum software. The editpost. php script of versions earlier than MyBB 1.6.9 does not correctly verify the validity of the "posthash" parameter, which can cause the SQL injection vulnerability. Remote attac

Release date:Updated on: Affected Systems:MyBB User Profile Skype IDDescription:--------------------------------------------------------------------------------Bugtraq id: 57096The User Profile Skype ID plug-in allows users to place their Skype IDs in their configuration files.User Profile Skype ID does not verify the legitimacy of the "skype" parameter in profileskype. php, which can cause the SQL code injection vulnerability. Remote attackers can execute arbitrary database operations through S

Release date:Updated on: Affected Systems:MyBB Social Sites 0.2.2Description:--------------------------------------------------------------------------------Bugtraq id: 56949 MyBB Social Sites is a plug-in that can be used to add Social websites. The MyBB Social Sites plug-in does not verify usercp. php script input. Remote attackers can inject malicious scripts into the webpage using multiple 'profile url'

The MyBB unset_globals () function is bypassed, causing remote code execution and analysis. Yesterday, we saw a remote code execution vulnerability in exploit-db. The analysis was very detailed. Unfortunately, it was written in English. Here is a simple translation. When register_globals = On, MyBB calls the unset_globals () function to implement register_globals = Off. if(@ini_get("register_globals") == 1)

MyBB is a free forum system. The storage-type cross-site scripting vulnerability exists in MyBB 1.6.2, which may cause cross-site scripting attacks. [+] Info:~~~~~~~~~MyBB Recent Topics Stored XSS VulnerabilityVersion: MyBB 1.6.2Plugin Page: http://mods.mybb.com/view/recent-topics-on-index-pageFound by: XinapseSite: h

Release date:Updated on: Affected Systems:MyBB AwaylistDescription:--------------------------------------------------------------------------------Bugtraq id: 57040MyBB is an excellent free forum software in the world.The ID parameter in index. php of MyBB Awaylist plug-in is not properly filtered, which can lead to illegal database operations.Link: http://sebug.net/vuldb/ssvid-60535*> Test method:------------------------------------------------------

Affected Versions:MyBB 1.4.10 vulnerability description: MyBB is a popular Web forum program. If you set the action to donate, MyBB's MYPS plug-in does not properly filter and submit it to myps. the username parameter of the php page is returned to the user. Remote attackers can execute cross-site scripting attacks by submitting malicious requests, resulting in arbitrary HTML and script code execution in users' browser sessions. Steven Abbagnaro (S