NoticeBoardPro 1.x SQL Injection

`[+] Author: TUNISIAN CYBER  
[+] Exploit Title: NoticeBoardPro v1.X SQL Injection vulnerability  
[+] Date: 27-12-2013  
[+] Category: WebApp  
[+] Google Dork: n/a  
[+] Tested on: KaliLinux  
[+] Vendor: http://www.noticeboardpro.com/  
  
  
########################################################################################  
  
+Description:  
NoticeBoardPro is an online, web-based, notice / bulletin board system that acts as a market place and lets you advertise.  
  
+Exploit:  
NoticeBoardPro Suffers from an SQL Injection vulnerability.  
  
File(s): deleteItem3.php  
deleteItem2.php  
deleteItem1.php  
Parameter:noticeID  
userID   
[PHP]  
$noticeID=$_GET['noticeID'];  
$userID=$_GET['userID'];  
  
mysql_connect("$hostName", "$dbusername", "$dbpassword");  
  
$result1 = mysql_query("SELECT * FROM $databaseName.notice_nbp where $databaseName.notice_nbp.noticeID = '$noticeID' and $databaseName.notice_nbp.userID = '$userID'");  
  
$result = mysql_query("DELETE FROM $databaseName.notice_nbp where $databaseName.notice_nbp.noticeID = '$noticeID' and $databaseName.notice_nbp.userID = '$userID'");  
[PHP]  
  
P.O.C:  
http://127.0.0.1/NoticeBoardPro/deleteItem3.php?noticeID=&userID=[SQL]  
./3nD  
########################################################################################  
Greets to: XMaX-tn, N43il HacK3r, XtechSEt  
Sec4Ever Members:  
DamaneDz  
UzunDz  
GEOIX  
########################################################################################  
`