Joomla! 1.5.x – SQL Error Information Disclosure

Exploit Database
105 阅读

作者： YGN Ethical Hacker Group

日期： 2010-11-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34955/

source: https://www.securityfocus.com/bid/44674/info

Joomla! is prone to an information-disclosure vulnerability due to an SQL error.

Exploiting this issue can allow attackers to gain access to sensitive information contained in the application's database. Successful exploits may lead to other attacks.

Versions prior to Joomla! 1.5.22 are vulnerable.

http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg

http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injectio /sqli_%28filter_order_Dir%29_front.jpg

http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injectio /sqli_%28filter_order_Dir%29_back.jpg

last Exploits
Joomla! 1.5.x – SQL Error Information Disclosure的更多信息

DotNetNuke – Arbitrary File Upload：
Microsoft Outlook Web Access (OWA) 8.2.254.0 – Information Disclosure：
WordPress Core 4.2 – Persistent Cross-Site Scripting：
Employee Management System 1.0 – ‘admin_id’ SQLi：
Joomla! Component com_topmenu – SQL Injection：
Online Course Registration 1.0 – Unauthenticated Remote Code Execution：
CiviCRM 5.59.alpha1 – Stored XSS (Cross-Site Scripting)：
Nabernet – ‘articles.php’ SQL Injection：