EvilZone

Hacking and Security => Hacking and Security => : 0wn4g3 June 03, 2013, 04:52:55 PM

: mybb ajax chat 0day
: 0wn4g3 June 03, 2013, 04:52:55 PM

Take care all you guys who have a mybb forum with ajax chat plugin installed.
It's SQLi vulnerable .

Source:

:

http://1337day.com/exploit/20836
Just google this dork : intitle:MyBB Ajax Chat inurl:chat_frame.php

And you'll find many vulnerable forums by SQLi.

e.g

:

www.bios-mods.com/forum/   (big forum 50 K members about BIOS updates &modifications)

Their login panel (default lol , they should change it) :

:

http://www.bios-mods.com/forum/admin/Username : 1234s282
Password : 72e5262e3be89824b32c0817123e67d0:A1c2dion (hash:salt)

(I reported to the owner this bug of this site)

Have a nice time everyone,

#0wn4g3

: Re: mybb ajax chat 0day
: Kulverstukas June 03, 2013, 06:24:42 PM

code your links next time so that the vulnerable website doesn't receive pingbacks from this post :/
Thanks for posting, and btw, which server you on brah?