K-Rate - SQL Injection

EDB-ID:

10824

CVE:

N/A

Author:

e.wiZz

Type:

webapps

Platform:

PHP

Published:

2009-12-30

K-Rate SQL Injection Vulnerability


By: e.wiZz!


#### Script site:http://turn-k.net/k-rate


In the wild...

#####################################


####Vulnerability:

SQL Injection in view.php,variable username.
Anyway, all sites i saw which are powered by this script are hosted on Apache,and have
a mod_rewrite enabled,so you need to try this:

http://inthewild/view/admi'n.html

You need to add .html at the end.