Denial of Service Vulnerability in MyBB, All Versions, in the private.php Page. Tested on 1.6* and 1.8.*

#####################################
# Iranian Exploit DataBase
# MyBB CMS (private.php Page) Denial of Service Vulnerability
# Vulnerability : Denial of Service - DoS
# Vulnerability on : (Search in private.php Page)
# Version : 1.6* and 1.8.*
# Tested : 1.6.18 and 1.8.7
# Vendor site : http://mybb.com/
# Author : IeDb.Ir
# Site : Www.IeDb.Ir - Www.IeDb.Ir/acc - xssed.Ir - kkli.ir
# Vulnerability attack information site : http://xssed.Ir/
# Archive Exploit = http://kkli.ir/zcnux
#####################################

# Bug :

http://www.site.com/mybb/private.php

Post Method :

my_post_key=[user Post Key]&keywords=[Dos]&quick_search=[Dos]&fromfid=0&fid=1&jumpto=1&action=do_stuff

-----------------------------

# Description :

Hello. This is a security problem in one of the files of the MyBB portal, and it can be used to disrupt the system.

The variables that can be used for it:

keywords
quick_search

These variables are within the portal. A program that sends a very long input can be used to disrupt the MyBB system, and the portal will be unavailable. The longer the input, the greater the effect. A program written in Perl can also be used to disrupt the system.

This section of the portal does not check its input. That is why a very heavy input can be given to it and the command repeated several times in a row. The site cannot process them all, and this makes the portal unavailable.

To fix this, please refer to the iedb.ir and iedb.ir/acc sites. Files without the bug will be placed at the following link:

http://iedb.ir/acc/thread-3164.html

--------------

The exploit and DDoSer are private. The exploit only to send the news and is also in the process of this vulnerability.

To request exploits, stay tuned with us:

http://iedb.ir
http://iedb.ir/acc/
http://irist.ir
http://xssed.ir

Email : iedb.team@xxxxxxxxx

Thanks to : all members of Iedb.ir and Iedb.ir/acc, and all the other friends who are associated with our team.

#####################################
# Archive Exploit = http://iedb.ir/exploits-5032.html
#####################################
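
A mitigation for the unchecked input described above, as an added example that is not part of the original advisory and is not MyBB code: a filter that a front-end proxy or middleware could apply to the POST body sent to private.php, capping the length of keywords and quick_search and limiting how often one client may search. The function name, the limits and the sample bodies are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from urllib.parse import parse_qs

# Assumed limits, not taken from MyBB or the advisory; tune per site.
MAX_FIELD_LEN = 256          # longest accepted search term, in characters
MAX_BODY_LEN = 8192          # longest accepted form body, checked before parsing
WINDOW_SECONDS = 10          # sliding window for the per-client search rate
MAX_SEARCHES_PER_WINDOW = 5
SEARCH_FIELDS = ("keywords", "quick_search")  # the fields named in the advisory

_recent = defaultdict(deque)  # client id -> timestamps of accepted searches


def check_search_request(client, body, now):
    """Return (allowed, reason) for a urlencoded POST body sent to private.php."""
    # Reject oversized bodies first so they are never parsed.
    if len(body) > MAX_BODY_LEN:
        return False, "body too large"
    fields = parse_qs(body, keep_blank_values=True)
    # A repeated parameter yields several values; every one must fit the cap.
    for name in SEARCH_FIELDS:
        for value in fields.get(name, []):
            if len(value) > MAX_FIELD_LEN:
                return False, f"{name} too long"
    if not any(name in fields for name in SEARCH_FIELDS):
        return True, "not a search"
    # Sliding-window rate limit: forget searches older than the window.
    window = _recent[client]
    while window and now - window[0] >= WINDOW_SECONDS:
        window.popleft()
    if len(window) >= MAX_SEARCHES_PER_WINDOW:
        return False, "rate limited"
    window.append(now)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample bodies in the shape shown in the advisory.
    ok_body = ("my_post_key=abc123&keywords=hello&quick_search=Search+PMs"
               "&fromfid=0&fid=1&jumpto=1&action=do_stuff")
    long_body = "my_post_key=abc123&keywords=" + "A" * 5000 + "&action=do_stuff"
    print(check_search_request("203.0.113.5", ok_body, 0))
    print(check_search_request("203.0.113.5", long_body, 1))
```

The same two checks can be enforced at the web server or WAF in front of the forum, which keeps oversized requests away from PHP and the database entirely.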