EvilZone

Hacking and Security => Hacking and Security => Topic started by: 0wn4g3 on June 03, 2013, 04:52:55 PM

Title: mybb ajax chat 0day
Post by: 0wn4g3 on June 03, 2013, 04:52:55 PM
Take care, all you guys who have a MyBB forum with the ajax chat plugin installed.
It's SQLi vulnerable.

Source:
http://1337day.com/exploit/20836
Just google this dork : intitle:MyBB Ajax Chat inurl:chat_frame.php

And you'll find many vulnerable forums by SQLi.

e.g.
www.bios-mods.com/forum/   (big forum, 50 K members, about BIOS updates & modifications)

Their login panel (default lol, they should change it):
http://www.bios-mods.com/forum/admin/Username : 1234s282
Password : 72e5262e3be89824b32c0817123e67d0:A1c2dion (hash:salt)

(I reported this site's bug to the owner)

Have a nice time everyone,

#0wn4g3

Title: Re: mybb ajax chat 0day
Post by: Kulverstukas on June 03, 2013, 06:24:42 PM
Code your links next time so that the vulnerable website doesn't receive pingbacks from this post :/
Thanks for posting, and btw, which server you on brah?