# Title : K-Rate SQL Injection Vulnerability
# Published : 2009-12-30
# Author : e.wiZz



By: e.wiZz!


#### Script site: http://turn-k.net/k-rate


In the wild...

#####################################


#### Vulnerability:

SQL injection in view.php, variable username.
Anyway, all sites I saw which are powered by this script are hosted on Apache and have
mod_rewrite enabled, so you need to try this:

http://inthewild/view/admi'n.html

You need to add .html at the end.
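
For defenders reviewing Apache access logs on a site running this script, the check below (an added example, not part of the original advisory or the K-Rate code) flags requests to the rewritten /view/<username>.html path whose username segment contains characters such as the quote shown above, including percent-encoded forms. The log format, the username allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log line: capture client IP and request target.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Rewritten profile URL from the advisory: /view/<username>.html
VIEW_RE = re.compile(r'/view/(.*)\.html', re.DOTALL)
# Assumption: legitimate usernames only use these characters.
SAFE_USERNAME = re.compile(r'[A-Za-z0-9_.-]{1,64}')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (%2527 -> %27 -> ')."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_view_requests(lines):
    """Return (client_ip, decoded_username) for /view/*.html requests
    whose username segment falls outside the allowlist."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        ip, target = m.groups()
        path = decode_fully(target.split('?', 1)[0])
        v = VIEW_RE.fullmatch(path)
        if v and not SAFE_USERNAME.fullmatch(v.group(1)):
            hits.append((ip, v.group(1)))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2009:10:00:01 +0000] "GET /view/alice.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Dec/2009:10:00:05 +0000] "GET /view/admi\'n.html HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Dec/2009:10:00:09 +0000] "GET /view/admi%27n.html HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [30/Dec/2009:10:00:12 +0000] "GET /view/bob%2527.html HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [30/Dec/2009:10:00:20 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, name in suspicious_view_requests(SAMPLE_LOG):
        print(f"{ip}\t{name!r}")
```

The same allowlist can be enforced in the rewrite rule or at the top of view.php, but the durable fix is a parameterized query for the username lookup.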