SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections

2011-07-15

老系统内容 Injection SQL

约 63 字预计阅读 1 分钟

文章目录

# Exploit Title: SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections
# Date: 13 July 2011
# Author: jdc
# Version: 2.9.3.2
# Fixed In: 2.9.4

Versions prior to 2.9.4 suffer from a blind sql injection in both the "tag" and "letter" parameters. The request MUST reach the site with these parameters urlencoded for the injection to succeed.

POSTDATA: option=com_sobi2&tmpl=component&tag=[Encoded SQL]
POSTDATA: option=com_sobi2&tmpl=component&letter=[Encoded SQL]

文章作者 Nuclear'Atk

上次更新 2011-07-15