imei Addmimistrator’s BugBlog

——————-Summary—————-
Software: MyBB
Sowtware’s Web Site: http://www.mybboard.com
Versions: 1.1.1
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: imei addmimistrator
Risk Level: medume-High
—————–Description—————
There is a security bug in MyBB 1.1.1 software (latest version fully patched) that allows attacker performe a SQL Injection attack.bug is in result of weak regullar expression for cheknig email and also forgotting to addslash a value that entered in db and now fetch and reinsert it.

bug is in:
{usercp.php}914 & {member.php}809
“email” => $activation['misc'],
————–Conditions———————-
forums that have email verification system are affected!
————–Exploit———————-
Register,
specify your mail to ‘,additionalgroups=4/*@myimei.com
now try to guess activitation code activate your account.
you may even create an email with this structre (?!) and gain your code.
————–Solution———————
solution:
“email” => addslashes($activation['misc']),
————–Credit———————–
Discovered by: imei addmimistrator
addmimistrator[4]gmail[O]com
www.myimei.com
security.myimei.com

Posted by imei on Sunday, May 7th, 2006 at 7:43 pm.