MyBB MyStatus 3.1 SQL Injection Vulnerability

———————————————————————
Exploit Title : MyBB MyStatus 3.1
———————————————————————

Author : Mario_Vs
Date : 10/10/2011
Site : http://mariovs.pl/
@ : mario_vs[at]o2.pl
———————————————————————

Description >

Vendor : http://mods.mybb.com/download/mystatus
Tested On : Windows 7
———————————————————————

SQL Injection

http://localhost/mybb/process-mystatus.php?action=delete&statid=[SQLi]
———————————————————————

———————————————————————

Greets To: linc0ln.dll, j4ck, lDoran, ElusiveN, d3dik, thc_flow, PricK, artii2

All users: HackinQ.pl

ZeroBox Vulnerability Database