----------------------------------------------------------------------

Reverse Engineer Wanted

Secunia offers a Security Specialist position with emphasis on
reverse engineering of software and exploit code, auditing of
source code, and analysis of vulnerability reports.

http://secunia.com/secunia_security_specialist/

----------------------------------------------------------------------

TITLE:
MyBB Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA20873

VERIFY ADVISORY:
http://secunia.com/advisories/20873/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Manipulation of data

WHERE:
>From remote

SOFTWARE:
MyBB (formerly MyBulletinBoard) 1.x
http://secunia.com/product/4479/

DESCRIPTION:
Some vulnerabilities have been reported in MyBB, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks, and manipulate certain information.

1) Input passed via the "[url]" tag isn't properly sanitised before
being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

2) An error caused due to the archive/index.php script not defining
"KILL_GLOBALS" can be exploited to overwrite arbitrary variables.

This can further be exploited to manipulate SQL queries by injecting
arbitrary SQL code.

3) An unspecified error can be exploited to manipulate user groups.

4) Some unspecified input isn't properly sanitised before being used
in a SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.

The vulnerabilities have been reported in versions 1.0 PR 2 through
1.1.4.

SOLUTION:
Update to version 1.1.5.
http://www.mybboard.com/downloads.php

PROVIDED AND/OR DISCOVERED BY:
1-2) imei addmimistrator
3) makpaolo
4) Reported by the vendor

ORIGINAL ADVISORY:
http://community.mybboard.net/showthread.php?tid=10115
http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------