[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
mybb v1.1.1(showthread.php) SQL Injection Exploit
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: mybb v1.1.1(showthread.php) SQL Injection Exploit
- From: Breeeeh@xxxxxxxxxxx
- Date: 9 May 2006 10:12:39 -0000
----------------------------------
foud by: Breeeeh
Site: http://www.alshmokh.com
Email: Breeeeh@xxxxxxxxxxx
----------------------------------
$query = $db->query("SELECT pid FROM ".TABLE_PREFIX."posts WHERE tid='$tid'
$visible ORDER BY dateline LIMIT $start, $perpage");
while($getid = $db->fetch_array($query)) {
$pids .= "$comma'$getid[pid]'";
$comma = ",";
}
-------------------
example:
/showthread.php?...$comma=[SQL]