Kubelance SQL Injection profile.php?id

ID EDB-ID:13931
Type exploitdb
Reporter L0rd CrusAd3r
Modified 2010-06-18T00:00:00


Kubelance SQL Injection (profile.php?id). Webapps exploit for php platform

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Kubelance SQL Injection
Vendor url: http://www.kubelabs.com
Published: 2010-06-19
Greetz to: Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer, d3c0d3r, KD and to
all ICW members.
Spl Greetz to: inj3ct0r.com Team, Andhra hackers.com


Full Source Code

When you purchase Kubelance you receive the full open source code allowing
you to edit the software in any way you require.


Kubelance uses a simple installation wizard, making it very easy to install,
but if you want, our support team will install it for you free of charge.


Kubelance features an integrated Escrow system that allows users to create
and bid on projects with peace of mind that they will receive the correct
amount for their endeavors.


Kubelance comes with 10 templates for you to choose from. Each template
comes packaged with the Photoshop file so you can edit the logo, buttons,
etc. Kubelance uses easy-to-edit HTML template files, so creating your own
unique template couldn't be easier.


Kubelance currently supports English, German, French, Spanish, Italian and
Norwegian. The default language can be quickly and easily changed from the
admin area.

If your required language is not currently supported it is very simple for
you to translate it by creating a new language file. Individual users of the
site can also select their required language from the manage account page.


The Kubelabs support team is constantly working on bringing new features to
Kubelance; clients are entitled to one year of free updates.


Kubelance uses a powerful Admin panel for controlling your site.


Plugin payment system (allows for additional payment methods to be installed).
Charge a fee for each project and job.
Supports PayPal, NoChex, Moneybookers and e-gold.

Additional features

1 year of support via email
Private Messaging.
Allows buyer and provider to discuss projects.
No need to setup a cronjob.
Custom Fields, Collect extra data for projects and accounts.
Attach files to projects and bids.



*SQLi Vulnerability



# 0day n0 m0re #
# L0rd CrusAd3r #