Gekko CMS SQL Injection

Gekko CMS SQL Injection: Posted Jun 30, 2010; Authored by []0iZy5; Gekko CMS suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | ebec3de39faf73b99706ef50949b18736ad189aeb735ba9f304c454b8ebeda8a; Download | Favorite | View

Gekko CMS SQL Injection

##################################################################
##################################################################
#          ___   ___  _   _____        __                   _    #
#         / _ \ / _ \| | |  __ \      / _|                 | |   #
#    _ __| | | | | | | |_| |  | | ___| |_ __ _  ___ ___  __| |   #
#   | '__| | | | | | | __| |  | |/ _ \  _/ _` |/ __/ _ \/ _` |   #
#   | |  | |_| | |_| | |_| |__| |  __/ || (_| | (_|  __/ (_| |   #
#   |_|   \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_|   #
#                                                                #
#                                                                #
#                                             +-+-+-+-+          #
#                                             |C|r|e|w|          #
#                                             +-+-+-+-+          #
##################################################################
##################################################################
# [#] Gekko CMS (SQL Injection) Vulnerability                    #
# [#] Discovered By []0iZy5                                      #
# [#] http://r00tDefaced.com                                     #
# [#] Greetz: sHoKeD-bYte, Gn0515, Nex & r00tDefaced Members     #
##################################################################
#
# [2]-SQL injection
#
# Vulnerability Description:
#               SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
#          http://127.0.0.1/path/search/?cvx=[SQL Injection] 
#          http://127.0.0.1/path/search/?uid=[SQL Injection]
#          http://127.0.0.1/path/search/action/search/?cvx=[SQL Injection]
#          http://127.0.0.1/path/search/action/search/?uid=[SQL Injection]
# 
# Exemple: -1+ORDER+BY+1-- [You can find the number of colums (Well just incrementing the number until we get an error.)]
#
# The Risk:
#     By exploiting this vulnerability, an attacker can inject malicious code in the script and can have acces to the database.
#
# Fix the vulnerability:
#     To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used #(preferred), or user input must be carefully escaped or filtered.
#
#################################################################
#################################################################

# r00tDefaced.com [29/June/2010]

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Gekko CMS SQL Injection

Gekko CMS SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gekko CMS SQL Injection

Share This

Gekko CMS SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems