Tekno.Portal 0.1b Blind SQL Injection

2012-08-01T00:00:00
ID PACKETSTORM:115232
Type packetstorm
Reporter Socket_0x03
Modified 2012-08-01T00:00:00

Description

                                        
                                            `  
======================================================  
Tekno.Portal v0.1b - Blind SQL Injection in "link.php"   
======================================================  
  
  
____________________________________________________________________________________  
  
  
# Exploit Title: Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability  
  
# Date: [08-01-2012]  
  
# Author: Socket_0x03 (Alvaro J. Gene)  
  
# Email: Socket_0x03 (at) teraexe (dot) com  
  
# Website: www.teraexe.com   
  
____________________________________________________________________________________  
  
# Software Link: http://sourceforge.net/projects/teknoportal  
  
# Vulnerable Application: Tekno.Portal  
  
# Version: 0.1b  
  
# Vulnerable File: link.php (kat parameter)  
  
# Language: This application is available only in turkish language.  
  
# Product Description: Tekno.Portal is a content management system (CMS) developed   
in PHP; furthermore, a webmaster can use this application to manage files, store  
data, and more.   
  
____________________________________________________________________________________  
  
  
# Blind SQL Injection:   
  
http://www.website.com/teknoportal/link.php?kat=[Blind SQL Injection]  
  
____________________________________________________________________________________  
`