MyBB version 1.2 suffers from a local file inclusion vulnerability in plugins.php.
e62e6d1047b1f79d23fcd62c88779179da4dda718562c1753a4fa6bde0783865Invalid characters removed from From: o.y.6@hotmail.com, |@securityfocus.com,
#### D3vil-0x1 MyBB Bug ###
## Local File Inclusion
##
## MyBB 1.2 -> Admin Can Include Local File :)
## File :- admin/plugins.php
Line :- 51
//*
if($mybb->input['action'] == "activate")
{
$codename = $mybb->input['plugin']; << Input From POST
$file = $codename.".php"; << Set File Type [ we can remove the type by NULL ( %00 ) ]
if($mybb->input['activate'])
{
.....
.....
}
elseif($mybb->input['deactivate'])
{
.....
.....
}
include "./inc/plugins/$file"; << Include BIG BUG :P
*//
#---------------------------------------------------------#
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed