XOOPS 2.5.9 – SQL Injection

  • Author: felipe andrian
    Date: 2019-05-13
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/46835/
  • [+] SQL Injection on XOOPS CMS v.2.5.9
    
    [+] Date: 12/05/2019
    
    [+] Risk: High
    
    [+] CWE Number : CWE-89
    
    [+] Author: Felipe Andrian Peixoto
    
    [+] Vendor Homepage: https://xoops.org/
    
    [+] Contact: felipe_andrian@hotmail.com
    
    [+] Tested on: Windows 7 and GNU/Linux
    
    [+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)
    
    [+] Exploit : 
    
    http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]
    
     
    [+] EOF
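
Added example (not part of the original advisory): a log-review check for the entry point named above, flagging requests to gerar_pdf.php whose cid value is not a plain decimal integer. It assumes cid is meant to carry a numeric ID and that the server writes common/combined-format access logs; the module name "example", the IP addresses and the log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [13/May/2019:10:00:01 +0000] "GET /modules/example/gerar_pdf.php?cid=12 HTTP/1.1" 200 5120
203.0.113.9 - - [13/May/2019:10:00:07 +0000] "GET /modules/example/gerar_pdf.php?cid=12%27 HTTP/1.1" 500 310
203.0.113.9 - - [13/May/2019:10:00:09 +0000] "GET /modules/example/gerar_pdf.php?cid=1&cid=x HTTP/1.1" 200 512
203.0.113.7 - - [13/May/2019:10:00:12 +0000] "GET /modules/news/index.php?cid=abc HTTP/1.1" 200 2048
203.0.113.8 - - [13/May/2019:10:00:15 +0000] "GET /modules/example/gerar_pdf.php HTTP/1.1" 200 100
"""

# client IP, request target and status code from one access-log line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})'
)
INTEGER_RE = re.compile(r"[0-9]+")


def suspicious_cid_requests(log_text, script="gerar_pdf.php", param="cid"):
    """Return (client_ip, raw_target, status) for each request to `script`
    whose `param` is present but is not a plain decimal integer.
    Assumption: a legitimate cid is always numeric."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, not treated as clean
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so an encoded quote or a second cid=... cannot hide from the check.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        if any(not INTEGER_RE.fullmatch(v) for v in values):
            hits.append((ip, target, status))
    return hits


if __name__ == "__main__":
    for ip, target, status in suspicious_cid_requests(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```

A hit is a lead for review, not proof of exploitation; the response status and size on the same line help decide which requests to look at first.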