Menu

Improved exploit search engine. Try it out

"XOOPS 2.5.9 - SQL Injection"

Author

"felipe andrian"

Platform

php

Release date

2019-05-13

Release Date Title Type Platform Author
2019-05-24 "Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC" webapps php "Todor Donev"
2019-05-23 "Nagios XI 5.6.1 - SQL injection" webapps php JameelNabbo
2019-05-22 "Horde Webmail 5.2.22 - Multiple Vulnerabilities" webapps php InfinitumIT
2019-05-21 "WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities" webapps php "Simone Quatrini"
2019-05-21 "Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting" webapps php "Dionach Ltd"
2019-05-23 "Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-20 "eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution" webapps php liquidsky
2019-05-20 "GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)" remote php Metasploit
2019-05-17 "Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution" webapps php "numan türle"
2019-05-16 "DeepSound 1.0.4 - SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-15 "Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting" webapps php LiquidWorm
2019-05-15 "CommSy 8.6.5 - SQL injection" webapps php "Jens Regel_ Schneider_ Wulf"
2019-05-14 "PasteShr 1.6 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection" webapps php "Julien Ahrens"
2019-05-14 "Sales ERP 8.1 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-05-14 "PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)" remote php AkkuS
2019-05-13 "OpenProject 5.0.0 - 8.3.1 - SQL Injection" webapps php "SEC Consult"
2019-05-13 "XOOPS 2.5.9 - SQL Injection" webapps php "felipe andrian"
2019-05-13 "SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)" webapps php LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - SQL Injection" webapps php LiquidWorm
2019-05-13 "SOCA Access Control System 180612 - Information Disclosure" webapps php LiquidWorm
2019-05-09 "Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting" webapps php "Ibrahim Raafat"
2019-05-06 "PHPads 2.0 - 'click.php3?bannerID' SQL Injection" webapps php "felipe andrian"
2019-05-03 "Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution" webapps php hash3liZer
2019-05-03 "Instagram Auto Follow - Authentication Bypass" webapps php Veyselxan
2019-04-30 "Agent Tesla Botnet - Information Disclosure" webapps php n4pst3r
2019-04-30 "Hyvikk Fleet Manager - Shell Upload" webapps php saxgy1331
2019-04-30 "Joomla! Component JiFile 2.3.1 - Arbitrary File Download" webapps php "Mr Winst0n"
2019-04-30 "HumHub 1.3.12 - Cross-Site Scripting" webapps php "Kağan EĞLENCE"
2019-04-30 "Joomla! Component ARI Quiz 3.7.4 - SQL Injection" webapps php "Mr Winst0n"
Release Date Title Type Platform Author
2019-05-13 "XOOPS 2.5.9 - SQL Injection" webapps php "felipe andrian"
2019-05-06 "microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection" webapps asp "felipe andrian"
2019-05-06 "PHPads 2.0 - 'click.php3?bannerID' SQL Injection" webapps php "felipe andrian"
2014-05-24 "Web Terra 1.1 - 'books.cgi' Remote Command Execution" webapps cgi "felipe andrian"
2014-04-14 "WordPress Theme LineNity 1.20 - Local File Inclusion" webapps php "felipe andrian"
2014-04-02 "CIS Manager CMS - SQL Injection" webapps asp "felipe andrian"
2014-04-01 "Horde Webmail 5.1 - Open Redirect" webapps php "felipe andrian"
2014-03-29 "ASP-Nuke 2.0.7 - 'gotourl.asp' Open Redirect" webapps asp "felipe andrian"
2014-03-24 "BigDump 0.35b - Arbitrary File Upload" webapps php "felipe andrian"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46835/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46835/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46835/41268/xoops-259-sql-injection/download/", "exploit_id": "46835", "exploit_description": "\"XOOPS 2.5.9 - SQL Injection\"", "exploit_date": "2019-05-13", "exploit_author": "\"felipe andrian\"", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[+] Sql Injection on XOOPS CMS v.2.5.9

[+] Date: 12/05/2019

[+] Risk: High

[+] CWE Number : CWE-89

[+] Author: Felipe Andrian Peixoto

[+] Vendor Homepage: https://xoops.org/

[+] Contact: felipe_andrian@hotmail.com

[+] Tested on: Windows 7 and Gnu/Linux

[+] Dork: inurl:gerar_pdf.php inurl:modules // use your brain ;)

[+] Exploit : 

        http://host/patch/modules/patch/gerar_pdf.php?cid= [SQL Injection]

   
[+] EOF