20 lines
547 B
Text
Executable file
20 lines
547 B
Text
Executable file
------------------------------------------
|
|
# Xoops 2.5.4 Blind SQL Injection
|
|
------------------------------------------
|
|
|
|
# Dork: "Powered by XOOPS 2.5.4"
|
|
# Download: http://sourceforge.net/projects/xoops/
|
|
# Date: 10/12/2011
|
|
# Author: blkhtc0rp
|
|
# Mail: blkhtc0rp[at]yahoo[dot]com
|
|
# Tested on: Freebsd 8 and Debian Squeeze
|
|
|
|
|
|
Note:
|
|
|
|
In order to be successful an attacker must have permission to access the administration menu.
|
|
|
|
Exploit:
|
|
|
|
http://192.168.1.109/xoops-2.5.4/modules/system/admin.php?fct=users&selgroups=[Blind Sqli]
|
|
|