XOOPS 2.5.9 – SQL Injection

• Exploit Database
• 137 阅读

• 作者： felipe andrian
  日期： 2019-05-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46835/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  [+] Sql Injection on XOOPS CMS v.2.5.9   [+] Date: 12/05/2019   [+] Risk: High   [+] CWE Number : CWE-89   [+] Author: Felipe Andrian Peixoto   [+] Vendor Homepage: https://xoops.org/   [+] Contact: felipe_andrian@hotmail.com   [+] Tested on: Windows 7 and Gnu/Linux   [+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)   [+] Exploit :   http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]   [+] EOF