| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060509101239.15548.qmail@securityfocus.com>
Date: 9 May 2006 10:12:39 -0000
From: Breeeeh@...mail.com
To: bugtraq@...urityfocus.com
Subject: mybb v1.1.1(showthread.php) SQL Injection Exploit
----------------------------------
foud by: Breeeeh
Site: http://www.alshmokh.com
Email: Breeeeh@...mail.com
----------------------------------
$query = $db->query("SELECT pid FROM ".TABLE_PREFIX."posts WHERE tid='$tid' $visible ORDER BY dateline LIMIT $start, $perpage");
while($getid = $db->fetch_array($query)) {
$pids .= "$comma'$getid[pid]'";
$comma = ",";
}
-------------------
example:
/showthread.php?...$comma=[SQL]
Powered by blists - more mailing lists