Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-3775.
AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in MyBulletinBoard (MyBB) <= 1.1.5 via the CLIENT-IP HTTP header. It retrieves the admin login key through blind SQL injection and creates a new admin user.
Description
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.