XOOPS 2.5.9 - SQL Injection

2019-05-13T00:00:00
ID EXPLOITPACK:DD50BB4CA7AABEAC293B0BC132DE3301
Type exploitpack
Reporter felipe andrian
Modified 2019-05-13T00:00:00

Description

XOOPS 2.5.9 - SQL Injection

                                        
                                            [+] Sql Injection on XOOPS CMS v.2.5.9

[+] Date: 12/05/2019

[+] Risk: High

[+] CWE Number : CWE-89

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: https://xoops.org/

[+] Contact: felipe_andrian@hotmail.com

[+] Tested on: Windows 7 and Gnu/Linux

[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)

[+] Exploit : 

        http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]

   
[+] EOF