Joomla! 1.5.x – SQL Error Information Disclosure

Exploit Database
10 阅读

作者： YGN Ethical Hacker Group

日期： 2010-11-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34955/

source: https://www.securityfocus.com/bid/44674/info

Joomla! is prone to an information-disclosure vulnerability due to an SQL error.

Exploiting this issue can allow attackers to gain access to sensitive information contained in the application's database. Successful exploits may lead to other attacks.

Versions prior to Joomla! 1.5.22 are vulnerable. 

http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injection/sqli_(filter_order)_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injectio /sqli_%28filter_order_Dir%29_front.jpg
http://yehg.net/lab/pr0js/advisories/joomla/core/1.5.21/sql_injectio /sqli_%28filter_order_Dir%29_back.jpg

last Exploits
Joomla! 1.5.x – SQL Error Information Disclosure的更多信息

Symantec Messaging Gateway 10.7.4 – Stored Cross-Site Scripting (XSS)：
OpenCMS 10.5.3 – Cross-Site Scripting：
Yaws-Wiki 1.88 – Multiple Cross-Site Scripting / HTML Injection Vulnerabilities：
BASE – ‘base_qry_common’ Remote File Inclusion (Metasploit)：
b2evolution 6.11.6 – ‘plugin name’ Stored XSS：
NoteBurner 2.35 – Denial Of Service (DoS) (PoC)：
Interview Management System 1.0 – ‘id’ SQL Injection：
Sethi Family Guestbook 3.1.8 – Cross-Site Scripting：