Securityvulns: SECURITYVULNS:DOC:12635
May 11, 2006 - 12:00 a.m.

MyBB v1.1.1 (showthread.php) SQL Injection Exploit

vulners.com

Found by: Breeeeh
Site: http://www.alshmokh.com
Email: [email protected]

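// Neither $pids nor $comma is initialized in this snippet.
$query = $db->query("SELECT pid FROM ".TABLE_PREFIX."posts WHERE tid='$tid' $visible ORDER BY dateline LIMIT $start, $perpage");
while($getid = $db->fetch_array($query)) {
    // On the first iteration $comma is concatenated into $pids as-is.
    $pids .= "$comma'$getid[pid]'";
    $comma = ",";
}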


example:
/showthread.php?..$comma=[SQL]
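
The loop above appends to $pids and $comma without initializing either one, which is how the example request gets a value into the list through $comma. As an added illustration (not MyBB code and not from the advisory's author), the PHP below puts that pattern beside one hardened form. The function names, the extract() call standing in for request parameters becoming variables, and the sample rows and marker value are all assumptions constructed here.

```php
<?php
// Added example: not MyBB code. Function names and sample data are constructed.

// Pattern from the advisory: $pids and $comma are appended to without being
// initialized, so a same-named variable already in scope ends up in the list.
function build_pids_vulnerable(array $rows, array $request): string
{
    // Assumption: extract() stands in for request parameters becoming
    // variables (register_globals-style behaviour).
    extract($request, EXTR_SKIP);
    // Keep whatever is already in scope; this only avoids undefined-variable notices.
    $pids  = $pids  ?? '';
    $comma = $comma ?? '';
    foreach ($rows as $getid) {
        $pids .= "$comma'$getid[pid]'";
        $comma = ",";
    }
    return $pids;
}

// One hardened form: state is local and always starts empty, each pid is
// forced to an integer, and the separator is a literal.
function build_pids_hardened(array $rows): string
{
    $pids = [];
    foreach ($rows as $getid) {
        $pids[] = "'" . (int) $getid['pid'] . "'";
    }
    return implode(',', $pids);
}

$rows    = [['pid' => '10'], ['pid' => '11']];   // constructed fetch_array() rows
$request = ['comma' => 'MARKER'];                // constructed, harmless marker

echo build_pids_vulnerable($rows, $request), PHP_EOL;
echo build_pids_hardened($rows), PHP_EOL;
```

Run with the PHP CLI: the marker appears at the front of the first list and is absent from the second, because the hardened function never reads a variable it did not create itself.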