This exploit demonstrates a SQL injection vulnerability in the MyYoutube MyBB plugin, allowing an attacker to escalate privileges by manipulating the usergroup value during a profile update. The PoC provides clear steps to exploit the vulnerability by injecting malicious input into the YouTube ID field.
Classification
Working Poc 90%
Target:
MyYoutube MyBB plugin version 1.0
Auth required
Prerequisites:
Access to a user account on the MyBB forum · The MyYoutube plugin must be installed and active