Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerability

On 22 June 2012 07:58, Henri Salo <henri@xxxxxxx> wrote:
>> #########################################################################################
>> #
>> # Expl0iTs :
>> #
>> # [TarGeT]/Patch/announcements.php?aid=1[Sql]
>> #
>> #
>> #########################################################################################
>
> Could not reproduce. Could you give working PoC?
>
> - Henri Salo

Agreed, untested but this looks sanitised well enough to me:

Code from version 1.6.8 (and 1.6.7 / 1.6.6): http://www.mybb.com/download/latest

$aid = intval($mybb->input['aid']);

Can't see where in the page it's used unsanitised
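
Added example, not part of the original message and not MyBB code: a heuristic audit helper for the question raised above, listing every read of `$mybb->input['aid']` that is not wrapped in `intval()` or an `(int)` cast on the same line. The function name and the sample PHP lines are constructed for illustration, apart from the `intval` line quoted in the message, and the check does no data-flow tracking.

```python
import re

# Integer-coercing wrappers accepted immediately before the input read.
SAFE_PREFIX = re.compile(r"(?:intval\s*\(\s*|\(\s*int\s*\)\s*)$")


def raw_input_uses(php_source, param):
    """Return (line_no, line) for reads of $mybb->input[param] with no integer cast."""
    read = re.compile(r"\$mybb->input\[\s*['\"]" + re.escape(param) + r"['\"]\s*\]")
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        for match in read.finditer(line):
            # Only the text directly before the read decides whether it is cast.
            if not SAFE_PREFIX.search(line[:match.start()]):
                findings.append((line_no, line.strip()))
    return findings


# Constructed sample, not MyBB source. Line 1 is the cast quoted in the message;
# line 4 is a hypothetical raw use of the kind the audit is meant to surface.
SAMPLE = r"""$aid = intval($mybb->input['aid']);
$sql = "SELECT * FROM announcements WHERE aid='$aid'";
$page = (int) $mybb->input['aid'];
$where = "aid=" . $mybb->input['aid'];
"""

if __name__ == "__main__":
    for line_no, line in raw_input_uses(SAMPLE, "aid"):
        print(f"{line_no}: {line}")
```

An empty result on a real file only means no uncast read sits on a single line; values copied into other variables before use still need a manual review.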

