Joomla Freestyle FAQ Lite 1.3 SQL Injection

Type packetstorm
Reporter Chip D3 Bi0s
Modified 2010-04-07T00:00:00


Joomla Freestyle FAQ Lite Component 1.3 (faqid) SQL Injection  
Author : Chip D3 Bi0s  
Group : LatinHackTeam  
Email & msn :  
Date : 05 April 2010  
Critical Lvl : Moderate  
Impact : Exposure of sensitive information  
Where : From Remote  
Affected software description:  
Application : Freestyle FAQ Lite   
version : 1.3  
Developer : Freestyle Joomla  
License : GPLv2 type : Non-Commercial  
Date Added : 22 March 2010  
Download :  
Demo :  
Description :  
Freestyle FAQ Lite is designed to provide you with a highly customised  
Frequently Asked Questions (FAQs) module on your Joomla website.  
There are various customisable options, you can display FAQs under  
a menu item or within a module.  
• Multiple categories  
• Search all FAQs  
• Add an image for each category  
• Link directly to a FAQ category or article from a menu item  
• View all FAQs at once (option to hide this)  
• Module to list FAQ categories anywhere on any page  
• Full image and html support for each FAQ  
• WYSIWYG editor for FAQs  
• Attach full html description to each category  
• FAQs can be toggled as published or unpublished  
• Various Joomla back end parameters  
• Multiple view modes for question list - Normal list - clicking a category takes you to a different page with FAQ list  
• Multiple FAQ list modes - All questions and answers on one page  
how to exploit{sql}  
[!] Produced in South America
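
A defender's check for the flaw named in the title, added here as an example that is not part of the original advisory: it scans web access logs for requests whose `faqid` value is not a plain integer. The log lines are constructed, `com_example` is a placeholder for the component's option name (not given on this page), and treating `faqid` as an integer ID is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined-log style (not from a real server).
# "com_example" is a placeholder: the advisory does not give the option name.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Apr/2010:10:00:01 +0000] "GET /index.php?option=com_example&faqid=12 HTTP/1.1" 200 5120
203.0.113.9 - - [07/Apr/2010:10:00:07 +0000] "GET /index.php?option=com_example&faqid=12%27 HTTP/1.1" 500 310
203.0.113.9 - - [07/Apr/2010:10:00:09 +0000] "GET /index.php?option=com_example&faqid=%31%32 HTTP/1.1" 200 5120
203.0.113.9 - - [07/Apr/2010:10:00:12 +0000] "GET /index.php?option=com_example&faqid=12&faqid=x HTTP/1.1" 200 5120
198.51.100.2 - - [07/Apr/2010:10:01:00 +0000] "GET /index.php?option=com_content&id=4 HTTP/1.1" 200 900
"""

# Client address and request target from one access-log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate faqid is a short run of ASCII digits.
INTEGER_RE = re.compile(r"[0-9]{1,10}")


def suspicious_faqid_requests(log_text, param="faqid"):
    """Return (client_ip, decoded_value) for every non-integer faqid value."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl percent-decodes values and keeps repeated parameters,
        # so an encoded or duplicated faqid is checked as the server sees it.
        pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        for name, value in pairs:
            if name == param and not INTEGER_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_faqid_requests(SAMPLE_LOG):
        print(f"{client} sent non-integer faqid: {value!r}")
```

The same integer-only rule, enforced in the component before the value reaches the query, is the fix; the log check only shows who has been probing the parameter.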