exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Gekko CMS SQL Injection

Gekko CMS SQL Injection
Posted Jun 30, 2010
Authored by []0iZy5

Gekko CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ebec3de39faf73b99706ef50949b18736ad189aeb735ba9f304c454b8ebeda8a

Gekko CMS SQL Injection

Change Mirror Download
##################################################################
##################################################################
# ___ ___ _ _____ __ _ #
# / _ \ / _ \| | | __ \ / _| | | #
# _ __| | | | | | | |_| | | | ___| |_ __ _ ___ ___ __| | #
# | '__| | | | | | | __| | | |/ _ \ _/ _` |/ __/ _ \/ _` | #
# | | | |_| | |_| | |_| |__| | __/ || (_| | (_| __/ (_| | #
# |_| \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_| #
# #
# #
# +-+-+-+-+ #
# |C|r|e|w| #
# +-+-+-+-+ #
##################################################################
##################################################################
# [#] Gekko CMS (SQL Injection) Vulnerability #
# [#] Discovered By []0iZy5 #
# [#] http://r00tDefaced.com #
# [#] Greetz: sHoKeD-bYte, Gn0515, Nex & r00tDefaced Members #
##################################################################
#
# [2]-SQL injection
#
# Vulnerability Description:
# SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
# http://127.0.0.1/path/search/?cvx=[SQL Injection]
# http://127.0.0.1/path/search/?uid=[SQL Injection]
# http://127.0.0.1/path/search/action/search/?cvx=[SQL Injection]
# http://127.0.0.1/path/search/action/search/?uid=[SQL Injection]
#
# Exemple: -1+ORDER+BY+1-- [You can find the number of colums (Well just incrementing the number until we get an error.)]
#
# The Risk:
# By exploiting this vulnerability, an attacker can inject malicious code in the script and can have acces to the database.
#
# Fix the vulnerability:
# To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used #(preferred), or user input must be carefully escaped or filtered.
#
#################################################################
#################################################################

# r00tDefaced.com [29/June/2010]
Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close