Exploit/Advisories
Published on May 17th, 2019 📆 | 4197 Views ⚑
0XOOPS 2.5.9 – SQL Injection
[+] Sql Injection on XOOPS CMS v.2.5.9
[+] Date: 12/05/2019
[+] Risk: High
[+] CWE Number : CWE-89
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: https://xoops.org/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Gnu/Linux
[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)
[+] Exploit :
http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]
[+] EOF
https://www.exploit-db.com/exploits/46835
Gloss