Lucene search
+L

koobi-cms423.txt

🗓️ 24 Jun 2005 00:00:00Reported by security-tmp.net.ruType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 27 Views

SQL injection vulnerabilities detected in koobi-cms version 4.2.3 affecting parameters page and q.

Code
`  
  
SQL-injections in koobi-cms 4.2.3   
_____________________________________________________________   
The program: koobi-cms   
Homepage: http://www.dream4.de/   
Vulnerable Versions: 4.2.3   
Has found: CENSORED [SVT] 28.04.05   
_____________________________________________________________   
  
  
The description   
---------------   
  
Vulnerability has been found in parameter page. In koobi-cms it   
Refers to - p. Data transferred to this parameter not   
Are filtered. Owing to it it is possible to make SQL-injections.   
As at substitution of a symbol ', probably to define   
House dir a server.   
  
Still the mistake exists in parameter q. It is used for   
Search on a site.  
  
Examples   
--------  
  
http://127.0.0.1/index.php?p='[SQL code]   
http://127.0.0.1/index.php?area=1&p='[SQL code]   
http://127.0.0.1/index.php?q='[SQL code]   
  
  
The conclusion   
--------------   
  
Vulnerability is found out in version 4.2.3, on other versions   
Research did not spend. Probably they too are vulnerable.   
-------------------------------------------------------------   
  
CENSORED Search Vulnerabilities Team   
www.security-tmp.net.ru   
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation