header-logo
Suggest Exploit
vendor:
MyBB
by:
SecurityFocus
7.5
CVSS
HIGH
Global Variable Overwrite
20
CWE
Product Name: MyBB
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

MyBB Global Variable Overwrite Vulnerability

MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables. An attacker can exploit this issue to overwrite the global variables with arbitrary input. Through control of the global variables, the attacker may be able to perform cross-site scripting, SQL-injection, and other attacks.

Mitigation:

Ensure that all user-supplied input is validated and filtered before being used in the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17564/info

MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables.

An attacker can exploit this issue to overwrite the global variables with arbitrary input. Through control of the global variables, the attacker may be able to perform cross-site scripting, SQL-injection, and other attacks.

http://www.example.com/mybb/global.php?_SERVER[HTTP_CLIENT_IP]=â??sql

Navigation

Suggest Exploit

Services By CQR