# Exploit Title: Akiva Webboard 8.x SQL Injection + Plaintext Passwords in Profiles.# Google Dork: " /Powered by WebBoard 8"/# Date: 30.12.2011# Author: Alexander Fuchs# Software Link: http://www.akiva.com/default.asp?l=1&id=8# Version: 8.x# Tested on: Windows, Linux.# CVE :Nope.
It is possible to login as administrator with admin'--as username and
password.
You can now go in theadmin profil to look at the password which isin
plaintext in html.