Gekko CMS SQL Injection

Gekko CMS SQL Injection: Posted Jun 30, 2010; Authored by []0iZy5; Gekko CMS suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | ebec3de39faf73b99706ef50949b18736ad189aeb735ba9f304c454b8ebeda8a; Download | Favorite | View

Gekko CMS SQL Injection

##################################################################
##################################################################
#          ___   ___  _   _____        __                   _    #
#         / _ \ / _ \| | |  __ \      / _|                 | |   #
#    _ __| | | | | | | |_| |  | | ___| |_ __ _  ___ ___  __| |   #
#   | '__| | | | | | | __| |  | |/ _ \  _/ _` |/ __/ _ \/ _` |   #
#   | |  | |_| | |_| | |_| |__| |  __/ || (_| | (_|  __/ (_| |   #
#   |_|   \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_|   #
#                                                                #
#                                                                #
#                                             +-+-+-+-+          #
#                                             |C|r|e|w|          #
#                                             +-+-+-+-+          #
##################################################################
##################################################################
# [#] Gekko CMS (SQL Injection) Vulnerability                    #
# [#] Discovered By []0iZy5                                      #
# [#] http://r00tDefaced.com                                     #
# [#] Greetz: sHoKeD-bYte, Gn0515, Nex & r00tDefaced Members     #
##################################################################
#
# [2]-SQL injection
#
# Vulnerability Description:
#               SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
#          http://127.0.0.1/path/search/?cvx=[SQL Injection] 
#          http://127.0.0.1/path/search/?uid=[SQL Injection]
#          http://127.0.0.1/path/search/action/search/?cvx=[SQL Injection]
#          http://127.0.0.1/path/search/action/search/?uid=[SQL Injection]
# 
# Exemple: -1+ORDER+BY+1-- [You can find the number of colums (Well just incrementing the number until we get an error.)]
#
# The Risk:
#     By exploiting this vulnerability, an attacker can inject malicious code in the script and can have acces to the database.
#
# Fix the vulnerability:
#     To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used #(preferred), or user input must be carefully escaped or filtered.
#
#################################################################
#################################################################

# r00tDefaced.com [29/June/2010]

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Gekko CMS SQL Injection

Gekko CMS SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gekko CMS SQL Injection

Share This

Gekko CMS SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems