[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mybb Cms (private.php Page) Denial Of Service Vulnerability



Denial Of Service Vulnerability in Mybb All version in private.php Page
Tested On 1.6* and 1.8.*


#################################

#
#     @@@    @@@@@@@@@@@    @@@@@           @@@@@@@@@@            @@@  @@@@@@@
#     @@@    @@@@@@@@@@@    @@@  @@         @@@     @@            @@@  @@@@@@@@  
#     @@@    @@@            @@@    @@       @@@       @@          @@@  @@@  @@@  
#     @@@    @@@            @@@      @@     @@@     @@            @@@  @@@  @@@  
#     @@@    @@@@@@@@@@@    @@@       @     @@@@@@@@@@            @@@  @@@@@@
#     @@@    @@@@@@@@@@@    @@@     @@      @@@     @@            @@@  @@@@@@
#     @@@    @@@            @@@   @@        @@@       @@   @@@    @@@  @@@ @@@
#     @@@    @@@            @@@ @@          @@@     @@     @@@    @@@  @@@  @@@
#     @@@    @@@@@@@@@@@    @@@@@           @@@@@@@@@@     @@@    @@@  @@@   @@@
#

#####################################

#####################################

#         Iranian Exploit DataBase

# Mybb Cms (private.php Page) Denial Of Service Vulnerability

# Vulnerability : Denial Of Service - Dos

# Vulnerability on : (Search In private.php Page)

# Version : 1.6* and 1.8.*

# tested : 1.6.18 and 1.8.7

# Vendor site : http://mybb.com/

# Author : IeDb.Ir

# Site : Www.IeDb.Ir   -   Www.IeDb.Ir/acc   -   xssed.Ir   -   kkli.ir

# Vulnerability attack information site : http://xssed.Ir/

# Archive Exploit = http://kkli.ir/zcnux

#####################################

# Bug :

http://www.site.com/mybb/private.php

Post Method :

my_post_key=[user Post Key]&keywords=[Dos]&quick_search=[Dos]&fromfid=0&fid=1&jumpto=1&action=do_stuff


-----------------------------


# Description :

Hello.
This security problem in one of the files related to mybb portal that can be used with it, in this disturbed system.

Variables that can use it:
keywords
quick_search

These variables are within the portal. You can also use a powerful program, it has a very long input, and disrupt the mybb system.
the portal will be unavailable.
Try a very long entrance give it better performance.

You can also use a program written in Perl and use it to disrupt the system


This section of the portal does not check its input.
That's why you can get a very heavy input given to it, and repeat the command several times in a row
The site can not process them all and this will cause the portal unavailable

To Fix this, please refer to the iedb.ir and iedb.ir/acc site.
No bugs files will be placed at the following link:

http://iedb.ir/acc/thread-3164.html

--------------

Exploit And Ddoser is private.
The exploit only to send the news and is also in the process of this vulnerability.
To request exploits, stay tuned with us:

http://iedb.ir

http://iedb.ir/acc/

http://irist.ir

http://xssed.ir

email : iedb.team@xxxxxxxxx

tnks to : All Member In Iedb.ir and Iedb.ir/acc and And all the other friends that are associated with our team.

#####################################

#  Archive Exploit = http://iedb.ir/exploits-5032.html

#####################################