作者: KinG Of PiraTeS 类型 :: webapps 平台: php 开发者: http://HdhCmsTestjoomlalms测试数据/ 下载地址 http://extensions.joomla.org/ < 影响版本: All vErsion 测试系统: [Windows 7 Edition Intégrale 64bit ] # 1)介绍 2)缺陷描述 3)利用方法 >> ---------------------------------------------------------------- 1)Introduction ============== 2)Vulnerability Description =========================== U can inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else. 3)Exploit ========= http://HdhCmsTest2cto测试数据 /{Path}/index.php?option=com_lms&controller=statedetail&id=-1 [~] P0c [~] : ============ Vuln file in : http://Localhost/{Path}/index.php?option=com_lms&controller=statedetail&id=[Number] <<-----| [~] D3m0 [~] : ============= http://php.esoftech.org/kanerma/index.php?option=com_lms&controller=statedetail&id=1[Inj3ct Here] http://HdhCmsTestsenmedical测试数据/index.php?option=com_lms&controller=statedetail&id=1[Inj3ct Here] http://HdhCmsTestnajbaro测试数据/index.php?option=com_lms&controller=statedetail&id= 1 [Inj3ct Here] Many Websites are Affected On SQL inJection & Path désclosure . . . #### Peace From Algeria
查看更多关于Joomla Components lms SQL注射 - 网站安全 - 自学php的详细内容...