Xoops 2.5.9 sql injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-05-13 | Type : webapps | Platform : php
This exploit / vulnerability Xoops 2.5.9 sql injection is for educational purposes only and if it is used you will do on your own risk!


[+] Code ...

[+] Sql Injection on XOOPS CMS v.2.5.9

[+] Date: 12/05/2019

[+] Risk: High

[+] CWE Number : CWE-89

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: https://xoops.org/

[+] Contact: felipe_andrian@hotmail.com

[+] Tested on: Windows 7 and Gnu/Linux

[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)

[+] Exploit :

http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]


[+] EOF