K-Rate - SQL Injection

EDB-ID:

10824

CVE:

N/A


Author:

e.wiZz

Type:

webapps


Platform:

PHP

Date:

2009-12-30


K-Rate SQL Injection Vulnerability


By: e.wiZz!


#### Script site:http://turn-k.net/k-rate


In the wild...

#####################################


####Vulnerability:

SQL Injection in view.php,variable username.
Anyway, all sites i saw which are powered by this script are hosted on Apache,and have
a mod_rewrite enabled,so you need to try this:

http://inthewild/view/admi'n.html

You need to add .html at the end.