|
ORIGINAL ADVISORY:=0D
http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html=0D
=0D
=0D
=97=97=97=97=97=97-Summary=97=97=97=97=97-=0D
Software: MyBB=0D
Sowtware=92s Web Site: http://www.mybboard.com=0D
Versions: 1.1.1=0D
Class: Remote=0D
Status: Unpatched=0D
Exploit: Available=0D
Solution: Available=0D
Discovered by: imei addmimistrator=0D
Risk Level: medume-High=0D
=97=97=97=97=97=96Description=97=97=97=97=97=0D
There is a security bug in MyBB 1.1.1 software (latest version fully patched) that allows attacker performe a SQL Injection attack.=0D
=0D
bug is in result of weak regullar expression for cheknig email and also forgotting to addslash a value that entered in db and now fetch and reinsert it.=0D
=0D
=0D
MORE DETAILES IN ORIGINAL ADVISORY;)