Joomla! Component JSupport 1.5.6 – SQL Injection

• Exploit Database
• 10 阅读

• 作者： Valentin
  日期： 2010-11-12
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15502/

• # Exploit Title: Joomla Component com_jsupport SQL Injection Vulnerability
  # Date: 12.11.2010
  # Author: Valentin
  # Category: webapps/0day
  # Version: 1.5.6
  # Tested on:
  # CVE :
  # Code : 
  
  [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
  >> General Information 
  Advisory/Exploit Title = Joomla Component com_jsupport SQL Injection Vulnerability
  Author = Valentin Hoebel
  Contact = valentin@xenuser.org
  
  [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
  >> Product information
  Name = JSupport
  Vendor = Extension Depot
  Vendor Website = http://www.extensiondepot.com/extensions/jsupport.html
  Affected Version(s) = 1.5.6
   
  [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
  >> SQL Injection
  This vulnerability can be found by viewing the component in the Joomla administrator
  backend.
  
  Examples:
  administrator/index.php?option=com_jsupport&task=listTicketsα=[SQL Injection]
  administrator/index.php?option=com_jsupport&task=listFaqsα=[SQL Injection]
  
  [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
  >> Additional Information
  Advisory/Exploit Published = 12.11.2010
  
  [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
  >> Misc
  Greetz = cr4wl3r, JosS, packetstormsecurity.org, exploit-db.com
  
  [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]