Joomla! Component Catalogue – SQL Injection / Local File Inclusion

Exploit Database
149 阅读

作者： XroGuE

日期： 2010-11-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35024/

source: https://www.securityfocus.com/bid/45090/info

The Joomla! Catalogue Component is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. By using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.

http://www.example.com/index.php?option=com_catalogue&Itemid=73&cat_id=[SQLi]

http://www.example.com/index.php?option=com_catalogue&controller=[LFI]

last Exploits
Joomla! Component Catalogue – SQL Injection / Local File Inclusion的更多信息

Kodak InSite 5.5.2 – ‘/Pages/login.aspx?Language’ Cross-Site Scripting：
Tourism Management System v2.0 – Arbitrary File Upload：
WordPress Plugin OPS Old Post Spinner 2.2.1 – Local File Inclusion：
BlogWorx 1.0 Blog – Database Disclosure：
News Script PHP Pro – ‘FCKeditor’ Arbitrary File Upload：
Tube Ace – ‘q’ Cross-Site Scripting：
Simple CRM 3.0 – ‘name’ Stored Cross site scripting (XSS)：
Aspen 0.8 – Directory Traversal：