[+] Author: TUNISIAN CYBER
[+] Exploit Title: NoticeBoardPro v1.X SQL Injection vulnerability
[+] Date: 27-12-2013
[+] Category: WebApp
[+] Google Dork: n/a
[+] Tested on: KaliLinux
[+] Vendor: http://www.noticeboardpro.com/
########################################################################################

+Description:
NoticeBoardPro is an online, web-based notice / bulletin board system that acts as a marketplace and lets you advertise.

+Exploit:
NoticeBoardPro suffers from an SQL Injection vulnerability.

File(s): deleteItem3.php, deleteItem2.php, deleteItem1.php
Parameter(s): noticeID, userID

[PHP]
// Both values are taken straight from the query string without validation
$noticeID = $_GET['noticeID'];
$userID   = $_GET['userID'];

mysql_connect("$hostName", "$dbusername", "$dbpassword");

// The raw request values are interpolated into the SQL text of both queries,
// so a quote character in either parameter changes the WHERE clause
$result1 = mysql_query("SELECT * FROM $databaseName.notice_nbp where $databaseName.notice_nbp.noticeID = '$noticeID' and $databaseName.notice_nbp.userID = '$userID'");
$result  = mysql_query("DELETE FROM $databaseName.notice_nbp where $databaseName.notice_nbp.noticeID = '$noticeID' and $databaseName.notice_nbp.userID = '$userID'");
[/PHP]

P.O.C:
http://127.0.0.1/NoticeBoardPro/deleteItem3.php?noticeID=&userID=[SQL]

./3nD
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members: DamaneDz, UzunDz, GEOIX
########################################################################################
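The following is an added example, not code from the advisory or from the NoticeBoardPro project. It reimplements the deleteItem*.php logic in Python over sqlite3 (standing in for MySQL) and places the string-built DELETE next to a hardened version that validates both IDs as integers and binds them as query parameters. The table and column names (notice_nbp, noticeID, userID) follow the advisory; the title column, the sample rows, and the function names are constructed for this example.

```python
import sqlite3

# Constructed sample data: three notices belonging to two users.
SAMPLE_ROWS = [(1, 10, "bike for sale"), (2, 10, "room to let"), (3, 20, "lost cat")]


def make_db() -> sqlite3.Connection:
    """In-memory notice_nbp table seeded with the constructed rows above."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE notice_nbp (noticeID INTEGER, userID INTEGER, title TEXT)")
    con.executemany("INSERT INTO notice_nbp VALUES (?, ?, ?)", SAMPLE_ROWS)
    con.commit()
    return con


def count_rows(con: sqlite3.Connection) -> int:
    """Number of notices still present; used to observe what each delete did."""
    return con.execute("SELECT COUNT(*) FROM notice_nbp").fetchone()[0]


def delete_unsafe(con: sqlite3.Connection, notice_id: str, user_id: str) -> int:
    """Same construction as deleteItem*.php: the request values are pasted into
    the SQL text, so a quote in either value rewrites the WHERE clause.
    Kept only as the 'before' for comparison. Returns rows deleted."""
    sql = (f"DELETE FROM notice_nbp WHERE noticeID = '{notice_id}' "
           f"AND userID = '{user_id}'")
    cur = con.execute(sql)
    con.commit()
    return cur.rowcount


def validate_ids(notice_id: str, user_id: str) -> bool:
    """Allow-list check: both IDs must be plain non-negative integers."""
    return notice_id.isdigit() and user_id.isdigit()


def delete_param(con: sqlite3.Connection, notice_id, user_id) -> int:
    """Parameterized DELETE: values are bound, never spliced into the SQL text,
    so the database treats them as data whatever they contain. Returns rows deleted."""
    cur = con.execute(
        "DELETE FROM notice_nbp WHERE noticeID = ? AND userID = ?",
        (notice_id, user_id),
    )
    con.commit()
    return cur.rowcount


def delete_safe(con: sqlite3.Connection, notice_id: str, user_id: str) -> int:
    """Hardened handler: validate first, then bind. Raises on malformed input."""
    if not validate_ids(notice_id, user_id):
        raise ValueError("noticeID and userID must be integers")
    return delete_param(con, int(notice_id), int(user_id))


if __name__ == "__main__":
    db = make_db()
    print("rows before:", count_rows(db))
    print("safe delete of notice 1 by user 10 removed:", delete_safe(db, "1", "10"))
    print("bound query with quote-bearing input removed:", delete_param(db, "2' OR '1'='1", "10"))
    print("rows after:", count_rows(db))
```

Two design points carry over to a PHP fix: use prepared statements (PDO or mysqli with bound parameters) instead of the mysql_* functions, and do not take the owner check from the query string at all. The original code trusts a userID supplied by the client; the hardened handler should obtain the acting user from the authenticated session and only accept noticeID from the request.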