mybb v1.1.1(showthread.php) SQL Injection Exploit

Breeeeh@xxxxxxxxxxx · 9 May 2006 10:12:39 -0000



----------------------------------
foud by: Breeeeh
Site: http://www.alshmokh.com
Email: Breeeeh@xxxxxxxxxxx
----------------------------------

$query = $db->query("SELECT pid FROM ".TABLE_PREFIX."posts WHERE tid='$tid' $visible ORDER BY dateline LIMIT $start, $perpage");
                while($getid = $db->fetch_array($query)) {
                        $pids .= "$comma'$getid[pid]'";
                        $comma = ",";
                }

-------------------

example:
/showthread.php?...$comma=[SQL]