On 22 June 2012 07:58, Henri Salo <[email protected]> wrote: >> ######################################################################################### >> # >> # Expl0iTs : >> # >> # [TarGeT]/Patch/announcements.php?aid=1[Sql] >> # >> # >> ######################################################################################### > > Could not reproduce. Could you give working PoC? > > - Henri Salo
Agreed, untested but this looks sanitised well enough to me: Code from version 1.6.8 (and 1.6.7 / 1.6.6): http://www.mybb.com/download/latest $aid = intval($mybb->input['aid']); Can't see where in the page it's used unsanitised
