Update released for Articles module in response to above security exploit.
users are advised to update to articles 1.03.
updated version can be found on the developers website >
http://support.sirium.net/modules/mydownloads/viewcat.php?cid=2
The Articles module has been updated to v1.03, which contains some input
sanitising and should negate this exploit.
Version 1.03 can be downloaded from
http://support.sirium.net/modules/mydownloads/viewcat.php?cid=2
Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC
Type :
SQL Injection
Release Date :
{2007-03-26}
Product / Vendor :
Xoops Portal
http://www.Xoops.Org
Bug :
http://localhost/script/modules/articles/print.php?id=x AND 1=1 or 1=0
PoC :
http://localhost
