
MyBB v1.1.1 (showthread.php) SQL Injection Exploit




----------------------------------
found by: Breeeeh
Site: http://www.alshmokh.com
Email: Breeeeh@hotmail.com
----------------------------------

$query = $db->query("SELECT pid FROM ".TABLE_PREFIX."posts WHERE tid='$tid' $visible ORDER BY dateline LIMIT $start, $perpage");
while($getid = $db->fetch_array($query)) {
        $pids .= "$comma'$getid[pid]'";
        $comma = ",";
}

-------------------

example:
/showthread.php?...$comma=[SQL]

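The list-building pattern from the snippet above next to a hardened form, as an added example that is not MyBB's code or its official fix. It assumes the request parameter reaches `$comma` because nothing assigns that variable before the loop; the function names, the sample rows and the `[SQL]` placeholder value are constructed for illustration.

```php
<?php
// Added example: not MyBB code. Rows and request values are constructed.

// Pattern from the advisory: the first loop pass emits $comma before any
// assignment, so whatever is already in that variable lands in the list.
function build_pids_vulnerable(array $rows, array $request): string
{
    // Assumption: models a request parameter being imported into scope.
    $comma = $request['comma'] ?? '';
    $pids = '';
    foreach ($rows as $getid) {
        $pids .= "$comma'{$getid['pid']}'";
        $comma = ",";
    }
    return $pids;
}

// Hardened form: no caller-influenced state, every element is validated as a
// positive integer, and the separator is supplied by implode().
function build_pids_hardened(array $rows): string
{
    $ids = [];
    foreach ($rows as $getid) {
        $id = filter_var($getid['pid'], FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('pid is not a positive integer');
        }
        $ids[] = $id;
    }
    // An empty result means the caller must skip any IN (...) query.
    return implode(',', $ids);
}

// Defensive check: the list may contain only digits and commas.
function is_clean_id_list(string $list): bool
{
    return preg_match('/^\d+(,\d+)*$/', $list) === 1;
}

$rows = [['pid' => '101'], ['pid' => '102'], ['pid' => '103']]; // constructed
$request = ['comma' => '[SQL]'];  // placeholder taken from the advisory's example

$bad  = build_pids_vulnerable($rows, $request);
$good = build_pids_hardened($rows);
printf("vulnerable: %s clean=%s\n", $bad, var_export(is_clean_id_list(str_replace("'", '', $bad)), true));
printf("hardened:   %s clean=%s\n", $good, var_export(is_clean_id_list($good), true));
```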
