MyBB Cross-Site Scripting and SQL Injection Vulnerability

Vulnerability ID: 1110077
Vulnerability type: Cross-site scripting
Published: 2006-04-17
Updated: 2006-04-20
CVE ID: CVE-2006-1912
CNNVD-ID: CNNVD-200604-325
Platform: PHP
CVSS score: 5.8
|Vulnerability source
https://www.exploit-db.com/exploits/27667
https://www.securityfocus.com/bid/83966
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-325
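|Vulnerability details
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php. This allows remote attackers to initialize arbitrary variables that are processed by an @extract command; those variables can then be leveraged to conduct cross-site scripting or SQL injection attacks.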
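The pattern described above, shown as an added example for defenders reviewing similar code: a request array passed to `extract()` replaces a variable the code assumes is server-derived, next to a form that reads only named keys and binds parameters. This is a simplified model and not MyBB's own code; the function names, the `sessions` table and the `client_ip`/`page` variables are hypothetical.

```php
<?php
// Added illustration: simplified model of request-driven variable
// initialisation through extract(). All names here are hypothetical.

// Constructed sample input standing in for parsed GET/POST parameters.
$request = ['page' => '2', 'client_ip' => "'sql"];

function lookup_vulnerable(array $request): string
{
    $client_ip = '203.0.113.5';   // value the code believes is server-derived
    $page = '1';
    // The default flag is EXTR_OVERWRITE: every request key replaces the
    // local variable of the same name, and @ hides any diagnostics.
    @extract($request);
    // $client_ip now holds request data and is placed directly in SQL text.
    return "SELECT uid FROM sessions WHERE ip='$client_ip' /* page $page */";
}

function lookup_hardened(array $request): array
{
    $client_ip = '203.0.113.5';   // never taken from request parameters
    // Read only the expected key, by name, and validate its type.
    $page = filter_var($request['page'] ?? '1', FILTER_VALIDATE_INT,
        ['options' => ['default' => 1, 'min_range' => 1]]);
    // Keep data out of the SQL text: placeholders plus bound parameters.
    return [
        'sql'    => 'SELECT uid FROM sessions WHERE ip = ? LIMIT 20 OFFSET ?',
        'params' => [$client_ip, ($page - 1) * 20],
    ];
}

// The vulnerable form emits a query whose quoting is broken by the input;
// the hardened form ignores the unexpected client_ip key entirely.
echo lookup_vulnerable($request), PHP_EOL;
print_r(lookup_hardened($request));
```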
|Vulnerability exploit
source: http://www.securityfocus.com/bid/17564/info

MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables.

An attacker can exploit this issue to overwrite the global variables with arbitrary input. Through control of the global variables, the attacker may be able to perform cross-site scripting, SQL-injection, and other attacks.

http://www.example.com/mybb/global.php?_SERVER[HTTP_CLIENT_IP]='sql
|Affected products
MyBulletinBoard MyBulletinBoard 1.10
|References

Source: XF
Name: mybb-global-init-data-manipulation(25865)
Link: http://xforce.iss.net/xforce/xfdb/25865
Source: OSVDB
Name: 24711
Link: http://www.osvdb.org/24711
Source: OSVDB
Name: 24710
Link: http://www.osvdb.org/24710
Source: VUPEN
Name: ADV-2006-1381
Link: http://www.frsirt.com/english/advisories/2006/1381
Source: SECUNIA
Name: 19668
Link: http://secunia.com/advisories/19668
Source: MISC
Link: http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
Source: community.mybboard.net
Link: http://community.mybboard.net/showthread.php?tid=8232
Source: BUGTRAQ
Name: 20060415[KAPDA]MyBB1.1.0~global.php~ParameterExtracting
Link: http://www.securityfocus.com/archive/1/archive/1/431061/30/5580/threaded