
mybb v1.1.1(rss.php) SQL Injection Exploit



----------------------------------
Found By: Breeeeh & CrAzY CrAcKeR
Site: www.alshmokh.com
Email: Breeeeh@hotmail.com
----------------------------------

// $forumlist is interpolated into the SQL string as-is
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."forums f WHERE 1=1 $forumlist");
$comma = " - ";
while($forum = $db->fetch_array($query))
{
        $title .= $comma.$forum['name'];
        $forumcache[$forum['fid']] = $forum;
        $comma = ", ";
}

----------------------------------

Example:

/rss.php?...$comma=[SQL]
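
A hardened counterpart to the query above, as an added example that is not part of the original advisory or of MyBB's code. It assumes the forum filter comes from a comma-separated request value (the advisory does not show how $forumlist is built); build_forumlist(), forum_title(), the mybb_ prefix and the sample rows are hypothetical.

```php
<?php
// Added example, not MyBB code. Assumes ids arrive as one comma-separated value.
define('TABLE_PREFIX', 'mybb_');

// Turn the raw value into an "AND f.fid IN (?,?)" fragment plus bound integers.
function build_forumlist(string $raw): array
{
    if (trim($raw) === '') {
        return ['', []];                      // no filter requested
    }
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        // ctype_digit() accepts decimal digits only: no signs, quotes or SQL syntax.
        if ($part === '' || !ctype_digit($part) || strlen($part) > 9) {
            throw new InvalidArgumentException('forum id list must contain integers only');
        }
        $ids[(int) $part] = (int) $part;      // keyed by id to drop duplicates
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    return [" AND f.fid IN ($marks)", array_values($ids)];
}

function forum_title(PDO $db, string $rawFids): string
{
    [$forumlist, $params] = build_forumlist($rawFids);
    // Only "?" placeholders are concatenated; the ids are bound by the driver.
    $stmt = $db->prepare('SELECT * FROM ' . TABLE_PREFIX . "forums f WHERE 1=1$forumlist ORDER BY f.fid");
    $stmt->execute($params);
    $title = '';
    $comma = ' - ';
    while ($forum = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $title .= $comma . $forum['name'];
        $comma = ', ';
    }
    return $title;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ' . TABLE_PREFIX . 'forums (fid INTEGER PRIMARY KEY, name TEXT)');
$db->exec('INSERT INTO ' . TABLE_PREFIX . "forums VALUES (1,'General'),(2,'Support'),(3,'Staff')");
echo forum_title($db, '1, 2'), "\n";          // filter on two valid ids
try {
    forum_title($db, "1 OR 1=1");             // constructed malformed value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The SQL text sent to the database contains only fixed strings and "?" markers, so a value that is not a plain integer list is rejected before any query is built.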
