Tekno.Portal version 0.1b suffers from a remote blind SQL injection vulnerability in link.php. This version was already known to have issues with SQL injection since 2010.
c71eed1836a67943fa03e0218fb566e5956562284ee6c837a7ec26e30d887446
======================================================
Tekno.Portal v0.1b - Blind SQL Injection in "link.php"
======================================================
____________________________________________________________________________________
# Exploit Title: Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability
# Date: [08-01-2012]
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
____________________________________________________________________________________
# Software Link: http://sourceforge.net/projects/teknoportal
# Vulnerable Application: Tekno.Portal
# Version: 0.1b
# Vulnerable File: link.php (kat parameter)
# Language: This application is available only in turkish language.
# Product Description: Tekno.Portal is a content management system (CMS) developed
in PHP; furthermore, a webmaster can use this application to manage files, store
data, and more.
____________________________________________________________________________________
# Blind SQL Injection:
http://www.website.com/teknoportal/link.php?kat=[Blind SQL Injection]
____________________________________________________________________________________
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed