bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/9732.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

58 lines
No EOL
2.1 KiB
Text
Raw Permalink Blame History

---------------------------------------------------------------------------------
joomla component com_jinc (newsid) Blind SQL Injection Vulnerability
---------------------------------------------------------------------------------
Author : Chip D3 Bi0s
Group : LatiHackTeam
Email : chipdebios[alt+64]gmail.com
Date : 21 September 2009
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : JINC (Joomla! Integrated Newsletters Component)
version : 0.2
Developer : lhacky
License : GPL type : Non-Commercial
Date Added : 2 September 2009
Demo : http://www.lhacky.org/jextensions/index.php?option=com_content&view=article&id=18:how-to-use&catid=12:jinc-documentation&Itemid=28
Download : http://www.lhacky.org/jextensions/index.php?option=com_content&view=article&id=3&Itemid=15
Description :
JINC (Joomla! Integrated Newsletters Component) is a easy-to-use and administer newsletter component for Joomla!.
Using JINC your website users can auto-subscribe and unsubscribe to newsletters you defined.
JINC includes classical newsletter functionalities
* Newsletter, messages and subscription management.
* TAG substitution inside the messages body.
* User auto-registration with welcome message at subscription time.
* Newsletter Disclaimer.
* HTML and Text Plain messages.
* Massive or personalized messages.
* Reports on message sending.
* Subscription creating user "on the fly".
* Message preview to message creator before sending to the newsletter subscribers
---------------------------------------------------------------------------
I.Blind SQL injection (newsid) Poc/Exploit:
~~~~~~~~~
http://127.0.0.1/[path]/index.php?option=com_jinc&view=messages&newsid=1[blind]
To make, you must be registered
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
# milw0rm.com [2009-09-21]
Reference in a new issue View git blame Copy permalink