12 lines
No EOL
526 B
Text
Executable file
12 lines
No EOL
526 B
Text
Executable file
source: http://www.securityfocus.com/bid/36460/info
|
|
|
|
MyBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
MyBB 1.4.8 is vulnerable; other versions may also be affected.
|
|
|
|
The following examples are available:
|
|
|
|
simple query: ' or 1=1--
|
|
blind query: ' having 1=1-- |