Affected Versions: MyBB 1.4.8
Vulnerability Description: bugtraq id: 36463,36460
MyBB is a popular Web forum program.
MyBB allows you to copy user names of other users and place spaces with a width of 0 in them. These two usernames seem completely consistent, which may lead to spoofing attacks.
MyBB does not properly filter input transmitted through the avatar extension for use in SQL queries. Remote attackers can execute SQL injection attacks by uploading special names of avatar.
In addition, the vulnerability in Custom MyCode allows administrators to use eval expressions, but this vulnerability is less risky because administrators need to intrude into their forums.
<* Reference
Http://secunia.com/advisories/36803/
Http://dev.mybboard.net/issues/464
Http://dev.mybboard.net/issues/317
Http://dev.mybboard.net/issues/418
*> Test method:
The Program (method) provided on this site may be offensive and only used for security research and teaching. You are at your own risk!
Simple query: or 1 = 1 --
Blind query: having 1 = 1 --
Rootkitsblog Security suggestion: vendor patch:
MyBB
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://mybboard.net/download/latest