Author Topic: mybb ajax chat 0day  (Read 3211 times)

0wn4g3

mybb ajax chat 0day
« on: June 03, 2013, 04:52:55 pm »
Take care, all you guys who have a MyBB forum with the Ajax Chat plugin installed.
It's SQLi vulnerable.

Source:
http://1337day.com/exploit/20836
Just google this dork: intitle:MyBB Ajax Chat inurl:chat_frame.php

And you'll find many forums vulnerable to SQLi.

e.g.
www.bios-mods.com/forum/   (big forum, 50K members, about BIOS updates & modifications)

Their login panel (default lol, they should change it):
http://www.bios-mods.com/forum/admin/
Username : 1234s282
Password : 72e5262e3be89824b32c0817123e67d0:A1c2dion (hash:salt)

(I reported this bug to the owner of this site)

Have a nice time everyone,

#0wn4g3
« Last Edit: June 03, 2013, 06:23:19 pm by Kulverstukas »

Kulverstukas

Re: mybb ajax chat 0day
« Reply #1 on: June 03, 2013, 06:24:42 pm »
Code your links next time so that the vulnerable website doesn't receive pingbacks from this post :/
Thanks for posting, and btw, which server are you on, brah?