Joomla! Component com_joomnik – SQL Injection

Exploit Database
32 阅读

作者： SOLVER

日期： 2011-05-29
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17341/

<------------------- header data start ------------------- >
#############################################################
Joomla Component Joomnik Gallery SQL Injection Vulnerability
#############################################################

# Author : SOLVER ~ Bug Researchers

# Date : 26.05.2011

# Greetz : DreamPower - CWKOMANDO - Toprak - Equ - Err0r - 10line

# Name : Joomla com_joomnik

# Bug Type : SQL injection

# Infection : Admin Login Bilgileri Alinabilir.

# Example Vuln :

[+]/index.php?option=com_joomnik&album=[EXPLOIT]

[+] Dork:"com_joomnik"

[+] Demo: http://site.com/index.php?option=com_joomnik&album=6'

# Bug Fix Advice : Zararli Karakterler Filtrenmelidir.
#############################################################
http://joomlacode.org/gf/project/joomnik/

last Exploits
Joomla! Component com_joomnik – SQL Injection的更多信息

net2ftp 0.98 (stable) – ‘/admin1.template.php’ Local/Remote File Inclusion：
Wiccle Web Builder 2.0 – Multiple Cross-Site Scripting Vulnerabilities：
Life Insurance Management System 1.0 – File Upload RCE (Authenticated)：
WordPress Theme Elegant Grunge 1.0.3 – ‘s’ Cross-Site Scripting：
SugarCRM Community Edition 6.5.2 (Build 8410) – Multiple Vulnerabilities：
XOOPS 2.5.4 – ‘/modules/pm/pmlite.php?to_userid’ Cross-Site Scripting：
WordPress Plugin DZS Zoomsounds 6.45 – Arbitrary File Read (Unauthenticated)：
Phreebooks 2.0 – Directory Traversal：