mybb version 1.1.1 suffers from a SQL injection vulnerability in rss.php.
10860e71d0aa58fad44435571581f29114b3706a0d7837fd2c013c63203a9f47
----------------------------------
Foud By: Breeeeh & CrAzY CrAcKeR
Site: www.alshmokh.com
Email:Breeeeh@hotmail.com
----------------------------------
$query = $db->query("SELECT * FROM ".TABLE_PREFIX."forums f WHERE 1=1 $forumlist");
$comma = " - ";
while($forum = $db->fetch_array($query))
{
$title .= $comma.$forum['name'];
$forumcache[$forum['fid']] = $forum;
$comma = ", ";
----------------------------------
Example:
/rss.php?...$comma=[SQL]