[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mybb v1.1.1(rss.php) SQL Injection Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: mybb v1.1.1(rss.php) SQL Injection Exploit
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Thu, 25 May 2006 01:52:34 -0400 (EDT)

>Foud By: Breeeeh & CrAzY CrAcKeR

>$comma = " - ";
>...
>$title .= $comma.$forum['name'];
>...
>$comma = ", ";

This code snippet sets the $comma variable to static values, so it
doesn't look like the attacker can control them.

>Example:
>
>/rss.php?...$comma=[SQL]


Given the previous code snippet, how can $comma be modified from this
URL?


- Steve

Prev by Date: [CLOSED] SOE's implementation of Lithium Forums Software allows users to log on as each other.
Next by Date: Kaspersky antivirus 6: POP3 state machine error
Previous by thread: mybb v1.1.1(rss.php) SQL Injection Exploit
Next by thread: CANews Multiple Vulnerabilities
Index(es):
- Date
- Thread