KubeLance 1.7.6 – ‘profile.php’ SQL Injection

  • Author: L0rd CrusAd3r
    Date: 2010-06-18
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/13931/
  • Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
    Exploit Title: Kubelance SQL Injection
    Vendor url: http://www.kubelabs.com
    Version: 1.7.6
    Price: 90$
    Published: 2010-06-19
    Greetz to: Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer, d3c0d3r, KD and to
    all ICW members.
    Spl Greetz to: inj3ct0r.com Team, Andhra hackers.com
    
    ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
    Description:
    
    Full Source Code
    
    When you purchase Kubelance you receive the full open source code allowing
    you to edit the software in any way you require.
    
    Installation
    
    Kubelance uses a simple installation wizard, making it very easy to install,
    but if you want, our support team will install it for you free of charge.
    
    Escrow
    
    Kubelance features an integrated Escrow system that allows users to create
    and bid on projects with peace of mind that they will receive the correct
    amount for their endeavors.
    
    Templates
    
    Kubelance comes with 10 templates for you to choose from; each template
    comes packaged with the Photoshop file so you can edit the logo, buttons,
    etc. Kubelance uses easy-to-edit HTML template files, so creating your own
    unique template couldn't be easier.
    
    Languages
    
    Kubelance currently supports English, German, French, Spanish, Italian and
    Norwegian. The default Language can be quickly and easily changed from the
    admin area.
    
    If your required language is not currently supported, it is very simple for
    you to translate it by creating a new language file. Individual users of the
    site can also select their required language from the manage account page.
    
    Upgrades
    
    The Kubelabs support team is constantly working on bringing new features to
    Kubelance; clients are entitled to one year of free updates.
    
    Admin
    
    Kubelance uses a powerful Admin panel for controlling your site.
    
    Payment
    
    Plugin payment system (allows for additional payment methods to be installed
    easily)
    Charge a fee for each project and job
    Supports Paypal, NoChex, Money Bookers and egold.
    
    Additional features
    
    1 year of support via email
    Private Messaging.
    Allows buyer and provider to discuss projects.
    No need to setup a cronjob.
    Custom Fields, Collect extra data for projects and accounts.
    Attach files to projects and bids.
    
    ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
    
    Vulnerability:
    
    *SQLi Vulnerability
    
    DEMO URL :
    
    http://server/kubelance/profile.php?id=[sql]
    
    # 0day n0 m0re #
    # L0rd CrusAd3r #
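
A defender-side check for the parameter named above, added here as an example and not part of the original advisory: it scans web-server access logs for requests to `profile.php` whose `id` value is not a plain integer. The numeric-id rule, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [19/Jun/2010:10:01:02 +0000] "GET /kubelance/profile.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Jun/2010:10:01:09 +0000] "GET /kubelance/profile.php?id=42%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Jun/2010:10:01:15 +0000] "GET /kubelance/profile.php?id=42+x HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.4 - - [19/Jun/2010:10:02:00 +0000] "GET /kubelance/index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.4 - - [19/Jun/2010:10:02:30 +0000] "GET /kubelance/profile.php?id=7&id=x HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: legitimate profile ids are short decimal integers.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_profile_requests(log_text, script="profile.php", param="id"):
    """Return (ip, timestamp, status, decoded values) for each request to
    `script` in which any `param` value is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-log-format line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/" + script):
            continue  # a different script; out of scope for this check
        # parse_qs URL-decodes values and keeps repeated parameters as a list,
        # so encoded characters and duplicate ids are both inspected.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        if any(not NUMERIC_ID.fullmatch(v) for v in values):
            findings.append(
                (m.group("ip"), m.group("ts"), int(m.group("status")), values)
            )
    return findings


if __name__ == "__main__":
    for ip, ts, status, values in suspicious_profile_requests(SAMPLE_LOG):
        print(ts, ip, "status=%d" % status, values)
```

The same integer rule, enforced in the application before the value reaches any SQL statement and combined with parameterised queries, is the corresponding fix on the server side.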