Bugtraq mailing list archives
mybb v1.1.1(rss.php) SQL Injection Exploit
From: Breeeeh () hotmail com
Date: 18 May 2006 15:35:43 -0000
---------------------------------- Foud By: Breeeeh & CrAzY CrAcKeR Site: www.alshmokh.com Email:Breeeeh () hotmail com ---------------------------------- $query = $db->query("SELECT * FROM ".TABLE_PREFIX."forums f WHERE 1=1 $forumlist"); $comma = " - "; while($forum = $db->fetch_array($query)) { $title .= $comma.$forum['name']; $forumcache[$forum['fid']] = $forum; $comma = ", "; ---------------------------------- Example: /rss.php?...$comma=[SQL]
Current thread:
- mybb v1.1.1(rss.php) SQL Injection Exploit Breeeeh (May 22)
- <Possible follow-ups>
- Re: mybb v1.1.1(rss.php) SQL Injection Exploit Steven M. Christey (May 25)