
mybb v1.1.1(showthread.php) SQL Injection Exploit

----------------------------------
Found by: Breeeeh
Site: http://www.alshmokh.com
Email: Breeeeh@hotmail.com
----------------------------------

$query = $db->query("SELECT pid FROM ".TABLE_PREFIX."posts WHERE tid='$tid' $visible ORDER BY dateline LIMIT $start, $perpage");
while($getid = $db->fetch_array($query)) {
        $pids .= "$comma'$getid[pid]'";
        $comma = ",";
}

-------------------

example:
/showthread.php?...$comma=[SQL]
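
The loop above beside a hardened form, as an added PHP example (not MyBB's code and not from the advisory). It assumes, as the example URL implies, that $comma can arrive from the request (for instance through register_globals-style variable import); the function names, sample rows and the MARKER value are constructed for illustration.

```php
<?php
// Added example, not MyBB code. Rows and the seed value are constructed.

// Pattern from the advisory: $comma is only assigned inside the loop, so its
// first use takes whatever value the variable already holds. $inherited
// stands in for a value that arrived from the request (assumption:
// register_globals-style variable import).
function legacy_pid_list(array $rows, string $inherited = ''): string
{
    $comma = $inherited;              // models the missing initialisation
    $pids  = '';
    foreach ($rows as $getid) {
        $pids .= "$comma'$getid[pid]'";
        $comma = ",";
    }
    return $pids;
}

// Hardened form: every variable starts from a known local value and each
// pid must validate as a positive integer before it joins the list.
function safe_pid_list(array $rows): string
{
    $pids = [];
    foreach ($rows as $row) {
        $pid = filter_var($row['pid'] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
        if ($pid !== false) {
            $pids[] = $pid;
        }
    }
    return implode(',', $pids);
}

// Defensive check to run before a list is interpolated into SQL.
function is_clean_pid_list(string $list): bool
{
    return $list === '' || preg_match('/^\d+(,\d+)*$/', $list) === 1;
}

$rows   = [['pid' => '12'], ['pid' => '15'], ['pid' => 'x']]; // constructed
$seeded = legacy_pid_list($rows, 'MARKER');   // harmless placeholder text
$safe   = safe_pid_list($rows);

var_dump(strpos($seeded, 'MARKER') === 0);    // did the inherited value reach the list?
var_dump(is_clean_pid_list($safe));           // is the hardened list digits and commas only?
echo $safe, PHP_EOL;
```

Initialising $pids and $comma before the loop removes the dependency on inherited state; the integer validation additionally keeps the list safe if a stored pid is ever not numeric.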
