---------------------------------------------------------------------------------
Joomla Component JE FAQ Pro : Multiple Remote Blind Sql Injection
---------------------------------------------------------------------------------

Author       : Chip D3 Bi0s
Group        : LatinHackTeam
Email & msn  : chipdebios[at]gmail[dot]com
Date         : 2010-08-30
Critical Lvl : Moderate
Impact       : Exposure of sensitive information
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : JE FAQ Pro
version     : 1.5.0
Price       : 1 year: 13.08$, 2 Year: 18.31$, 3 Year: 23.54$, 4 Year: 26.16$
Developer   : J Extension
License     : GPLv2 or later
type        : Commercial
Date Added  : 28 August 2010
Download    : http://www.jextn.com/joomla-faq-component-extensions-downloads/
Demo        : http://www.joomla-faq-demo.jextn.com/

Description :

JE FAQ Pro is an easy to use but powerful and excellent FAQ management.
Our core competency from our front end and backend features will make you
to sit suitable because we take care of your needs in the FAQ Joomla component
needs. This is where we are extending the suitability in Joomla.

Multiple Blind SQL Injection

http://site/path/index.php?option=com_jefaqpro&view=category&layout=categorylist&catid=2[bsql]

http://site/path/index.php?option=com_jefaqpro&view=category&layout=categorylist&task=lists&catid=2[bsql]
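
Added example (not part of the original advisory): a log check for the two request shapes above, flagging any com_jefaqpro request whose catid is not a plain decimal integer. The combined access-log format, the function name and the sample lines are assumptions constructed for illustration; that legitimate catid values are always integers is inferred from "catid=2" in the URLs above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Aug/2010:10:00:01 +0000] "GET /index.php?option=com_jefaqpro&view=category&layout=categorylist&catid=2 HTTP/1.1" 200 5120
203.0.113.9 - - [30/Aug/2010:10:00:07 +0000] "GET /index.php?option=com_jefaqpro&view=category&layout=categorylist&catid=2%20AND%201%3D1 HTTP/1.1" 200 5120
203.0.113.9 - - [30/Aug/2010:10:00:09 +0000] "GET /index.php?option=com_jefaqpro&view=category&layout=categorylist&task=lists&catid=2%27 HTTP/1.1" 200 311
203.0.113.7 - - [30/Aug/2010:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9001
"""

# client IP ... [timestamp] "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')


def suspicious_catid_requests(log_text):
    """Return (client_ip, decoded_catid) for every com_jefaqpro request
    whose catid is anything other than a plain decimal integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs URL-decodes values, so encoded quotes and spaces are seen as-is.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_jefaqpro" not in params.get("option", []):
            continue
        # Check every occurrence of the parameter, not only the first one.
        for value in params.get("catid", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_catid_requests(SAMPLE_LOG):
        print(f"{client}\tcatid={value!r}")
```

The same integer-only rule, enforced server-side before the value reaches the query, is what removes the injection point; the log check only shows who has been probing it.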

+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++