====================================================== Tekno.Portal v0.1b - Blind SQL Injection in "link.php" ====================================================== ____________________________________________________________________________________ # Exploit Title: Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability # Date: [08-01-2012] # Author: Socket_0x03 (Alvaro J. Gene) # Email: Socket_0x03 (at) teraexe (dot) com # Website: www.teraexe.com ____________________________________________________________________________________ # Software Link: http://sourceforge.net/projects/teknoportal # Vulnerable Application: Tekno.Portal # Version: 0.1b # Vulnerable File: link.php (kat parameter) # Language: This application is available only in turkish language. # Product Description: Tekno.Portal is a content management system (CMS) developed in PHP; furthermore, a webmaster can use this application to manage files, store data, and more. ____________________________________________________________________________________ # Blind SQL Injection: http://www.website.com/teknoportal/link.php?kat=[Blind SQL Injection] ____________________________________________________________________________________