[pandaa]

I've seen a lot of tutorials on another forum for example on how to use an SQL injection to hack a forum, but they don't make sense to me. Can anyone please clarify?

[Hardz]

Are you specifically wanting to SQL inject a forum or any website in general?

[Dismas]

Are you specifically wanting to SQL inject a forum or any website in general?

MyBB is a forum software. It's also the one we're using, haha.
The development team tends to stay on top of vulnerabilities and bugs, but you could look at plugins.

[Hardz]

Oh - I didn't see that bit in the title, my bad :p

[๖ۣۣۜۜFear]

MyBB had a plugin (award system) if I'm not mistaken that was vulnerable a while back...best bet is plugins, look for weaknesses in them.

[Sentry]

As far as i know, there is no open MyBB injections. It's pretty secure, they're always on top of all vulnerabilities. There will be plenty of plugins though that you could try and inject.

[Hardz]

Found this site for you: http://www.securiteam.com/products/M/MyBB.html

Most probably out-dated but worth a little look-over.

[๖ۣۣۜۜFear]

Found this site for you: http://www.securiteam.com/products/M/MyBB.html

Most probably out-dated but worth a little look-over.

Nice information, all you need to do is find a site with that information and then abuse it.

[Hardz]

Found this site for you: http://www.securiteam.com/products/M/MyBB.html

Most probably out-dated but worth a little look-over.

Nice information, all you need to do is find a site with that information and then abuse it.

Ahaha - exactly.

[Jewel]

Find a vulnerability and exploit it. The software itself isn't vulnerable as
of yet so it's your best option. Look around for new releases in the exp
database and you will be sure to find something. You could always try
and scan their ports too to see if there's anything vulnerable running.