MyBB Plugin PRO STAT [SQLI]

Posted by Saadi on Saturday, 2 March 2013

I was working on some MyBB plugins and found some vulns in them.
So for now, PRO STAT.

Vendors: http://prostats.wordpress.com

Pro Stat is a well-known MyBB plugin, and it is vulnerable to SQL injection inside the admin panel and Change viewer.
It's not very exploitable because you need admin logins, but it can be handy for dumping the DB if you failed to shell it ;)

Okay, here:

Go to Plugins and just inject the num rows setting.
Most of the parameters inside settings are vulnerable,
like the POST field ps_num_rows, etc.
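On the fix side, a numeric setting such as ps_num_rows should be accepted only as a bounded integer when it is saved and coerced again when it is used. The sketch below is an added example, not code from the original post or from the plugin; the ranges, the helper names and the query (including its use in a LIMIT clause) are assumptions.

```php
<?php
// Added example, not ProStats code. The ranges, the function names and the
// query are assumptions; only the field name ps_num_rows comes from the post.

// Allowed range for each numeric plugin setting (hypothetical values).
const PS_INT_SETTINGS = [
    'ps_num_rows' => ['min' => 1, 'max' => 50, 'default' => 11],
];

// Save time: accept only a plain integer within range. Returns [clean, errors].
// Text with anything appended to the number fails validation and is replaced
// by the default, so it never reaches the settings table.
function ps_validate_settings(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (PS_INT_SETTINGS as $name => $rule) {
        $value = filter_var($post[$name] ?? null, FILTER_VALIDATE_INT, [
            'options' => ['min_range' => $rule['min'], 'max_range' => $rule['max']],
        ]);
        if ($value === false) {
            $errors[] = $name;
            $clean[$name] = $rule['default'];
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $errors];
}

// Use time: cast and clamp again, because rows stored before the fix may
// still hold text that was never validated.
function ps_latest_threads_sql(array $settings): string
{
    $rule = PS_INT_SETTINGS['ps_num_rows'];
    $stored = (int) ($settings['ps_num_rows'] ?? $rule['default']);
    $limit = max($rule['min'], min($rule['max'], $stored));
    return "SELECT tid, subject FROM mybb_threads ORDER BY lastpost DESC LIMIT {$limit}";
}

// Constructed sample input: one valid value and one with SQL appended.
foreach (['7', '7 OR 1=1'] as $sample) {
    [$clean, $errors] = ps_validate_settings(['ps_num_rows' => $sample]);
    $note = $errors ? '  (rejected: ' . implode(',', $errors) . ')' : '';
    echo ps_latest_threads_sql($clean), $note, "\n";
}
```

Validating at both points matters here because the injected value travels through a stored setting: a check only on the admin form leaves already-saved values in play.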


3 comments:

Unknown said...

nice 1...

Unknown said...

Great. :)

Pablo M. said...

It's good that you mention it. Lucy
