------------------------------------------
# Xoops 2.5.4 Blind SQL Injection
------------------------------------------
# Dork: "Powered by XOOPS 2.5.4"
# Download: http://sourceforge.net/projects/xoops/
# Date: 10/12/2011
# Author: blkhtc0rp
# Mail: blkhtc0rp[at]yahoo[dot]com
# Tested on: FreeBSD 8 and Debian Squeeze

Note:
In order to be successful, an attacker must have permission to access the administration menu.

Exploit:
http://192.168.1.109/xoops-2.5.4/modules/system/admin.php?fct=users&selgroups=[Blind Sqli]
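
A defender-side check for the request pattern above, added here as an example and not part of the original advisory: it scans combined-format access log lines for requests to modules/system/admin.php with fct=users whose selgroups value is not a plain integer. That selgroups normally carries a numeric group id is an assumption; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"[0-9]+")

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2012:10:00:01 +0000] "GET /xoops-2.5.4/modules/system/'
    'admin.php?fct=users&selgroups=2 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2012:10:00:09 +0000] "GET /xoops-2.5.4/modules/system/'
    'admin.php?fct=users&selgroups=%5BBlind%20Sqli%5D HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2012:10:01:00 +0000] "GET /xoops-2.5.4/modules/system/'
    'admin.php?fct=preferences HTTP/1.1" 200 900',
]


def suspicious_selgroups(log_line):
    """Return the decoded offending selgroups value, or None if the line is clean.

    Assumption: a legitimate selgroups value is a numeric group id.
    Only the query string is inspected; POST bodies are not in access logs.
    """
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/modules/system/admin.php"):
        return None
    params = parse_qs(url.query)  # percent-decodes values, drops blank ones
    if "users" not in params.get("fct", []):
        return None
    # A repeated parameter yields several values; check every one of them.
    for value in params.get("selgroups", []):
        if not NUMERIC_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (1-based line number, offending value) for each flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_selgroups(line)
        if value is not None:
            hits.append((number, value))
    return hits
```

Because the advisory states that the request needs access to the administration menu, a hit also points at the admin session that sent it, which is worth correlating with login records.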