MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Is my forum is vulnerable to sql[help]
Full Version: Is my forum is vulnerable to sql[help]
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

rahul19285

2011-02-03, 08:57 AM
sorry friends always asking for help
http://www.mysite.net/Forum/member.php^username=WCRTESTINPUT000000&password=WCRTESTINPUT000001&action=do_login&url=http://www.mysite.net/Forum/calendar.php
http://www.mysite.net/Forum/member.php^password=WCRTESTINPUT000001&action=do_login&url=http://www.mysite.net/Forum/search.php&username=WCRTESTINPUT000000
http://www.mysite.net/Forum/member.php^action=do_login&url=http://www.mysite.net/Forum/memberlist.php&username=WCRTESTINPUT000000&password=WCRTESTINPUT000001
http://www.mysite.net/Forum/member.php^username=WCRTESTINPUT000000&password=WCRTESTINPUT000001&action=do_login&url=http://www.mysite.net/Forum/member.php?action=profile&uid=2

I got this as post sql vulnerable

I am very confuse about this can any one explain me please

For any help i will be thankfullConfused

Alex Smith

2011-02-03, 01:25 PM
Umm what exactly are you posting? To my knowledge mybb doesn't use get for logins.

Edit : it also seems to be missing the salt.

Matt

2011-02-03, 06:17 PM
There's no SQL stuff there at all, if anything it's an XSS attack, but this was fixed in 1.6.1.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Is my forum is vulnerable to sql[help]