MyBB Global Variable Overwrite Vulnerability
BID:17564
Info
MyBB Global Variable Overwrite Vulnerability
| Bugtraq ID: | 17564 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 17 2006 12:00AM |
| Updated: | Apr 18 2006 06:51PM |
| Credit: | imei addmimistrator is credited with the discovery of this vulnerability. |
| Vulnerable: |
MyBulletinBoard MyBulletinBoard 1.1 |
| Not Vulnerable: |
MyBulletinBoard MyBulletinBoard 1.1.1 |
Discussion
MyBB Global Variable Overwrite Vulnerability
MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables.
An attacker can exploit this issue to overwrite the global variables with arbitrary input. Through control of the global variables, the attacker may be able to perform cross-site scripting, SQL-injection, and other attacks.
MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables.
An attacker can exploit this issue to overwrite the global variables with arbitrary input. Through control of the global variables, the attacker may be able to perform cross-site scripting, SQL-injection, and other attacks.
Exploit / POC
MyBB Global Variable Overwrite Vulnerability
Attackers may exploit this issue with a web browser.
The following example URI will perform an SQL-injection attack by overwriting the '_SERVER[HTTP_CLIENT_IP]' variable:
http://www.example.com/mybb/global.php?_SERVER[HTTP_CLIENT_IP]=â??sql
Attackers may exploit this issue with a web browser.
The following example URI will perform an SQL-injection attack by overwriting the '_SERVER[HTTP_CLIENT_IP]' variable:
http://www.example.com/mybb/global.php?_SERVER[HTTP_CLIENT_IP]=â??sql
Solution / Fix
MyBB Global Variable Overwrite Vulnerability
Solution:
The vendor has released an update addressing this issue:
MyBulletinBoard MyBulletinBoard 1.1
Solution:
The vendor has released an update addressing this issue:
MyBulletinBoard MyBulletinBoard 1.1
-
MyBulletinBoard MyBB 1.1.1
http://mybboard.net/downloads/?action=request&did=31&type=zip
References
MyBB Global Variable Overwrite Vulnerability
References:
References:
- MyBB 1.1.1 Released (MyBB)
- MyBulletinBoard Home Page (MyBulletinBoard)
- [KAPDA]MyBB1.1.0~global.php~ParameterExtracting ([email protected])