This Perl script exploits an SQL injection vulnerability in MyBB's member.php by manipulating the 'uid' parameter to extract user password hashes via a UNION-based attack. It requires no authentication and directly queries the database for sensitive information.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:MyBB (version not specified)
No auth needed
Prerequisites:Target MyBB installation with vulnerable member.php endpoint · Network access to the target