MyBB 1.1 - Global Variable Overwrite

EDB-ID:

27667


Author:

imei

Type:

webapps


Platform:

PHP

Date:

2006-04-17


source: https://www.securityfocus.com/bid/17564/info

MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables.

An attacker can exploit this issue to overwrite the global variables with arbitrary input. Through control of the global variables, the attacker may be able to perform cross-site scripting, SQL-injection, and other attacks.

http://www.example.com/mybb/global.php?_SERVER[HTTP_CLIENT_IP]=â??sql