🔐Blog of OsandaSecurity Researching and Reverse Engineering pentesting

This is a weird bug I found in MyBB. I fuzzed the input of the search.php file. This was my input given.
alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload

MyBB throws out a SQL error:

SELECT t.tid, t.firstpost
FROM mybb_threads t
WHERE 1=1 AND t.closed NOT LIKE 'moved|%'
AND (  LOWER(t.subject) LIKE '%&amp;lt;foo&amp;gt; &amp;lt;h1&amp;gt; &amp;lt;script&amp;gt; alert (bar) () ; //%'  LOWER(t.subject)
LIKE '%&amp;gt; &amp;lt; prompt \x41 \%42 constructor onload%')

(more…)

🔐Blog of Osanda

Security Researching and Reverse Engineering

MyBB 1.6.12

MyBB 1.6.12 POST XSS 0day