4 matches found
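Joomla! com_informations component 'themeid' parameter SQL injection vulnerability
The Joomla! com_informations component does not strictly filter the 'themeid' parameter, and the program fails to adequately sanitize user-supplied input before constructing the SQL query, which results in a SQL injection vulnerability. It is exploited as follows: http://www.example.com/index.php?option=cominformations&view=sousthemes&themeid=999.9+union+select+111,222,version%23...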
Joomla! com_informations component 'themeid' parameter SQL injection vulnerability
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. The system provides RSS feeds, site search and other functions. A SQL injection vulnerability exists in the 'themeid' parameter of the 'com_informations' component of Joomla! The...
Joomla com_informations component SQL Injection vulnerability
Verification method: http://target/index.php?option=cominformations&view=sousthemes&themeid=-3 SQLI Injected column is 3 http://target//index.php?option=cominformations&view=sousthemes&themeid=999.9+union+select+111,222,version%23...
Joomla! Component com_informations - SQL Injection
Joomla! Component com_informations - SQL Injection. Exploit Title: Joomla com_informations component SQL Injection vulnerability; Date: 13-08-2015; Software Link: N/A; Exploit Author: Omar AbuHassan; Contact: https://www.linkedin.com/pub/omar-abu-hassan/bb/600/960; CVE: N/A; Category: webapps; Version: All...