Joomla.it Forum


: Joomla com_phocadocumentation (id) Remote SQL Injection Exploit
: bugSearch.Net 05 Jan 2009, 20:38:10
Joomla com_phocadocumentation (id) Remote SQL Injection Exploit (http://www.bugsearch.net/it/7817/Joomla%20com_phocadocumentation%20%28id%29%20Remote%20SQL%20Injection%20Exploit.html)
: Re: Joomla com_phocadocumentation (id) Remote SQL Injection Exploit
: = odino = 05 Jan 2009, 21:08:26
Oops, poor Phoca folks
: Re: Joomla com_phocadocumentation (id) Remote SQL Injection Exploit
: lbar 06 Jan 2009, 22:32:50
Did you try the hack?

The id in section (which is described in the Perl file) is protected by two methods:

by the JRequest method and by (int) (all strings will be changed to integers) in the SQL query ...
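
The two layers named in the post above (an integer filter on the request value, then an `(int)` cast where the SQL string is built), shown as an added example that is not part of the thread and is not Phoca Documentation or Joomla code. `request_int()` is a hypothetical stand-in for the request filter, and the table name, column names and sample inputs are constructed.

```php
<?php
// Added illustration; not Phoca Documentation or Joomla code.
// request_int() is a hypothetical stand-in for an integer request filter
// (the role JRequest plays in the post). build_query() shows the second
// layer: the (int) cast at the point where the SQL string is assembled.

function request_int(array $request, string $name, int $default = 0): int
{
    // Arrays (e.g. id[]=1) and missing values fall back to the default.
    if (!isset($request[$name]) || !is_scalar($request[$name])) {
        return $default;
    }
    // Keep only the first run of digits (optional sign); drop everything else.
    if (preg_match('/-?[0-9]+/', (string) $request[$name], $m)) {
        return (int) $m[0];
    }
    return $default;
}

function build_query($id): string
{
    // Table and column names are constructed for this example.
    // The cast guarantees that only an integer literal reaches the query,
    // even if a caller skipped the request filter.
    return 'SELECT title FROM example_docs WHERE id = ' . (int) $id;
}

// Constructed sample inputs: a normal id and values carrying extra text.
$samples = ['12', '12 OR 1=1', "12' --", 'abc', ['12']];

foreach ($samples as $raw) {
    $id = request_int(['id' => $raw], 'id');
    printf("%-14s => %s\n", json_encode($raw), build_query($id));
}
```

Every sample yields a query ending in a bare integer (`12` or `0`); none of the extra text in the input reaches the SQL string.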