Computer Security
securityvulns.ru




From: Breeeeh_(at)_hotmail.com <Breeeeh_(at)_hotmail.com>
Date: 11.05.2006
Subject: mybb v1.1.1(showthread.php) SQL Injection Exploit

----------------------------------
found by: Breeeeh
Site: http://www.alshmokh.com
Email: Breeeeh@hotmail.com
----------------------------------

$query = $db->query("SELECT pid FROM ".TABLE_PREFIX."posts WHERE tid='$tid' $visible ORDER BY dateline LIMIT $start, $perpage");
while($getid = $db->fetch_array($query)) {
        $pids .= "$comma'$getid[pid]'";
        $comma = ",";
}

-------------------

example:
/showthread.php?...$comma=[SQL]
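
The loop quoted in the advisory beside a hardened form, as an added example that is not part of the original post and is not MyBB's own code. The function names, the sample rows and the `REQUEST_VALUE` marker are constructed for illustration; it assumes, as the advisory's example URL implies, that a request parameter can set `$comma` before the loop runs (for instance when request variables are imported as globals).

```php
<?php
// Added illustration; not MyBB source. Function names and sample data are constructed.

// Mirrors the loop quoted in the advisory: $pids and $comma are used
// without being initialised, so their starting values come from the caller
// (in the advisory's scenario, from the request).
function build_pid_list_unsafe(array $rows, $pids, $comma): string
{
    foreach ($rows as $getid) {
        $pids .= "$comma'$getid[pid]'";
        $comma = ",";
    }
    return $pids;
}

// Hardened form: the list starts from a known empty value inside the
// function, and every pid is forced to an integer before it is joined,
// so nothing from the request or from a stored string reaches the list.
function build_pid_list_safe(array $rows): string
{
    $pids = [];
    foreach ($rows as $getid) {
        $pid = (int) $getid['pid'];
        if ($pid > 0) {          // drop anything that is not a valid post id
            $pids[] = $pid;
        }
    }
    return implode(',', $pids);
}

// Constructed rows standing in for $db->fetch_array() results.
$rows = [['pid' => '101'], ['pid' => '102'], ['pid' => '103']];

// Harmless marker standing in for a request-supplied value.
$from_request = 'REQUEST_VALUE';

echo "unsafe, clean start:   ", build_pid_list_unsafe($rows, '', ''), "\n";
echo "unsafe, tainted start: ", build_pid_list_unsafe($rows, '', $from_request), "\n";
echo "safe:                  ", build_pid_list_safe($rows), "\n";
```

In the tainted run the marker appears at the front of the list, ahead of the first quoted pid. Assigning `$pids` and `$comma` empty values immediately before the original loop closes the same gap.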

© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


