7 lines
No EOL
520 B
Text
7 lines
No EOL
520 B
Text
source: http://www.securityfocus.com/bid/17564/info
|
|
|
|
MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables.
|
|
|
|
An attacker can exploit this issue to overwrite the global variables with arbitrary input. Through control of the global variables, the attacker may be able to perform cross-site scripting, SQL-injection, and other attacks.
|
|
|
|
http://www.example.com/mybb/global.php?_SERVER[HTTP_CLIENT_IP]=â??sql |