This is a weird bug I found in MyBB. I fuzzed the input of the search.php file. This was my input given.
alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload
MyBB throws out a SQL error:
SELECT t.tid, t.firstpost FROM mybb_threads t WHERE 1=1 AND t.closed NOT LIKE 'moved|%' AND ( LOWER(t.subject) LIKE '%<foo> <h1> <script> alert (bar) () ; //%' LOWER(t.subject) LIKE '%> < prompt \x41 \%42 constructor onload%')
