Joomla.it Forum

Non solo Joomla... => Sicurezza => : vamba 02 Jul 2010, 15:01:30

: Joomla Component com_dateconverter 0.1 SQL Injection Vulnerability
: vamba 02 Jul 2010, 15:01:30

Non è ancora disponibile alcun aggiornamento alla componente
L'utlimo aggiornamento conosciuto risale al 22 giugno 2010
http://sourceforge.net/projects/date-converter/files/

in attesa di una release corretta si consiglia la rimozione del componente

:

[~] Vendor: http://sourceforge.net/projects/date-converter/
[~] Download App:http://sourceforge.net/projects/date-converter/files/com_dateconverter-0.1-beta.zip/download
==========ExPl0iT3d by **RoAd_KiLlEr**==========
 
[+]Description:
Joomla AD/BS Date Converter is a Joomla Component used to convert date between Gregorian Calendar and Bikram Sambat Calendar. BS Calendar is used in Nepal, India, Bhutan, Sri Lanka, Thailand etc.
=========================================
 
[+] Dork: inurl:"com_dateconverter"
 
==========================================
 
 
[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+
 
[Exploit]:  http://127.0.0.1/path/index.php?option=com_dateconverter&Itemid=[] <== SQL-i