Joomla! Component com_sobi2 2.9.3.2 – Blind SQL Injections

Exploit Database
17 阅读

作者： jdc

日期： 2011-07-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17530/

# Exploit Title: SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections
# Date: 13 July 2011
# Author: jdc
# Software Link: http://www.sigsiu.net
# Version: 2.9.3.2
# Fixed In: 2.9.4
# Verified: http://www.sigsiu.net/changelog as "# Bugfix: Blind SQL injection"

Versions prior to 2.9.4 suffer from a blind sql injection in both the "tag" and "letter" parameters. The request MUST reach the site with these parameters urlencoded for the injection to succeed.

POSTDATA: option=com_sobi2&tmpl=component&tag=[Encoded SQL]

POSTDATA: option=com_sobi2&tmpl=component&letter=[Encoded SQL]

Updated release: http://www.sigsiu.net/latest_news/sobi2_version_2.9.4_released.html

last Exploits
Joomla! Component com_sobi2 2.9.3.2 – Blind SQL Injections的更多信息

Winter CMS 1.2.3 – Server-Side Template Injection (SSTI) (Authenticated)：
PrestaShop Winbiz Payment module – Improper Limitation of a Pathname to a Restricted Directory：
PBBoard – ‘member_id’ Validation Password Manipulation：
Online Scheduling System 1.0 – Persistent Cross-Site Scripting：
CosCMS 1.721 – OS Command Injection：
SPIP 3.1.2 – Cross-Site Request Forgery：
Get Tube – SQL Injection：
Touchbase.io 1.10 – Stored Cross Site Scripting：