Joomla Component BF Quiz SQL Injection Vulnerability
Please view the original advisory here.
The Joomla component BF Quiz fails to sanitize input passed through the “catid” parameter, which exposes the software to SQL injection attacks.
I found this vulnerability while testing my new self-coded SQL injection vulnerability scanner (will be released soon). When I first had a look at this Joomla component I actually didn’t find the vulnerability, lol.
Exploit for this will be released soon!
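A defender-side check for the flaw described above, as an added example that is not part of the original advisory or the component's code: it scans web access logs for com_bfquiz requests whose “catid” is not a plain integer. The assumptions are that catid is meant to be a numeric category id and that the log uses the common/combined format; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/May/2010:10:00:01 +0000] "GET /index.php?option=com_bfquiz&catid=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/May/2010:10:00:09 +0000] "GET /index.php?option=com_bfquiz&catid=3%27 HTTP/1.1" 500 311',
    '203.0.113.9 - - [29/May/2010:10:01:12 +0000] "GET /index.php?option=com_content&catid=abc HTTP/1.1" 200 901',
    '192.0.2.44 - - [29/May/2010:10:02:30 +0000] "GET /index.php?option=com_bfquiz&catid=7&catid=x HTTP/1.1" 200 640',
    '203.0.113.5 - - [29/May/2010:10:03:00 +0000] "POST /index.php HTTP/1.1" 200 77',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"\d{1,10}")  # assumption: catid is a small positive integer


def suspicious_catid(line):
    """Return the decoded catid if this is a com_bfquiz request whose catid
    is not a plain integer; return None for everything else."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    # parse_qs percent-decodes values and keeps every occurrence of a
    # repeated parameter, so encoded or duplicated catid values are seen too.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_bfquiz" not in query.get("option", []):
        return None
    for value in query.get("catid", []):
        if not INTEGER_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_catid) for every flagged log line."""
    hits = []
    for line in lines:
        value = suspicious_catid(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: non-integer catid {value!r}")
```

The same integer-only rule is the fix on the server side: a catid that is cast or validated as an integer before it reaches the query cannot carry SQL syntax.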
May 29th, 2010 in SQL Injection | tags: advisory, com_bfquiz, exploit, Security, sql injection, vulnerability
