header-logo
Suggest Exploit
vendor:
Bank v3
by:
Red_Hat [NullSec]
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Bank v3
Affected Version From: Bank v3
Affected Version To: Bank v3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows & Linux
2020

Bank v3 MyBB plugin SQLi 0day

The Bank v3 MyBB plugin is vulnerable to a SQL injection attack due to the variable '$mybb->input['id']' remaining unsanitized. An attacker can exploit this vulnerability by sending a malicious POST request to the bank.php page with the parameters 'r_pay' and 'r_username' containing a SQL injection payload. This will allow the attacker to execute arbitrary SQL queries on the vulnerable system.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: Bank v3 MyBB plugin SQLi 0day
# Exploit Author: Red_Hat [NullSec]
# Software Link: http://mods.mybb.com/download/bank-v3
# Tested on: Windows & Linux.

Vulnerable code :

<?php
     $user=$_POST['r_username'];
     $pay=intval($_POST['r_pay']);
     $query_r=$db->query("SELECT * FROM ".TABLE_PREFIX."users WHERE username='$user'");
     $fetch=$db->fetch_array($query_r);
?>

The variable '$mybb->input['id']' remains unsanitized.

Usage : 
http://www.site.com/bank.php
/GET transactions=send
/POST r_pay=Red_Hat&r_username=[SQLi]

Shoutout to Zixem <3 & NullSec :3

Navigation

Suggest Exploit

Services By CQR