Entries Tagged with ‘sql injection’

Download The Joomla Hacking Compendium here. With great pleasure I hereby announce the availability of the new “The Joomla Hacking Compendium”. It contains almost 1000 lines of pure knowledge and shows you how to both attack and protect Joomla. It contains the following chapters: Please find an excerpt below:

(Continue reading…)

Please view the original advisory/exploit here. The web app OneOrZero AIMS Members Edition suffers from multiple remote vulnerabilities.

SQL Injection
Multiple scripts and parameters are affected by remote SQL injection vulnerabilities. SQL queries can also be manipulated through the various search fields of this web app. Some example URLs:
index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=saved_search&global=1&id=[SQL Injection]
index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=show_item_search&item_types=[SQL Injection] […]

(Continue reading…)

Please view the original advisory/exploit here. The Joomla component com_jsupport suffers from a remote SQL injection vulnerability. The vulnerable requests are the ticket and FAQ listings of the component in the Joomla administrator backend. Examples:
administrator/index.php?option=com_jsupport&task=listTickets&alpha=[SQL Injection]
administrator/index.php?option=com_jsupport&task=listFaqs&alpha=[SQL Injection]

(Continue reading…)

Please view the original advisory/exploit here. The VideoDb script/application suffers from SQL injection and local file inclusion vulnerabilities. An authentication bypass may also be possible.

(Continue reading…)

Please view the original advisory/exploit here. The Joomla component com_restaurantguide suffers from multiple vulnerabilities.

>> SQL Injection
index.php?option=com_restaurantguide&view=country&id='&Itemid=69 (the id parameter is vulnerable)

>> HTML/JS/VBS Code Injection (all input fields, also in the admin backend)
It is possible to inject HTML/JS/VBS code into the document although XSS filters are active. Simply end the current HTML tag […]

(Continue reading…)

Some of you might have read my little tutorial about how to use Google Skipfish for web vulnerability scanning. While I was fascinated by the efficiency and speed of this application, I started to use it more often. Although manual testing can’t be replaced by a machine, web vulnerability scanners are still a helping hand. During […]

(Continue reading…)

Please view the original advisory/exploit here. The Joomla component “Racers Online” (com_nkc) suffers from a numeric SQL injection vulnerability, i.e. the injected value lands in a numeric context of the query, so no quote character is needed to break out of it.

(Continue reading…)

Please download the original exploit/advisory here. The image gallery script GaleriaSHQIP suffers from a remote SQL injection vulnerability.

Example URL
index.php?album_id=[SQL Injection]

Affected versions
1.0 full; the lite version may also contain such vulnerabilities.

(Continue reading…)

Please download/view the original advisory here. The Joomla component com_golfcourseguide fails to sanitize the id parameter before using it in a query and therefore suffers from a remote SQL injection vulnerability.

Example URL
index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=[SQL Injection]

Versions affected
v0.9.6.0 beta, v1 beta

(Continue reading…)
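The id-parameter injections above (the id=' probe in com_restaurantguide, the "numeric" injection in com_nkc and the unsanitized id in com_golfcourseguide) all come from the same coding pattern: a request parameter is pasted into the SQL text. The following is an added example written for this page, not code from any of the advisories or components, and it rebuilds that pattern with sqlite3 so it runs offline. The table and column names (restaurant, id, name, country_id) and the sample rows are constructed for the demo and are not taken from any of the products.

```python
"""Added illustration of numeric vs. string-context SQL injection.

Not code from any of the advisories above. Table/column names and rows
are constructed sample data for the demo.
"""
import sqlite3


def setup_db():
    """In-memory database with a constructed sample table."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE restaurant (id INTEGER PRIMARY KEY, name TEXT, country_id INTEGER)"
    )
    con.executemany(
        "INSERT INTO restaurant VALUES (?, ?, ?)",
        [(1, "Alpha", 69), (2, "Beta", 69), (3, "Gamma", 70)],  # constructed rows
    )
    return con


def vulnerable_lookup(con, raw_id):
    """The vulnerable pattern: the id parameter is concatenated into the query.

    Because id is compared numerically, no quote is needed to break out:
    raw_id = "1 OR 1=1" already changes the WHERE clause (the com_nkc case).
    A lone quote, as in the com_restaurantguide probe id=', produces a
    syntax error, which is how the advisory author spotted it.
    """
    sql = "SELECT id, name FROM restaurant WHERE id=" + raw_id
    return con.execute(sql).fetchall()


def vulnerable_search(con, raw_name):
    """Same bug in a string context (e.g. a search field).

    Here the attacker must first close the opening quote: ' OR '1'='1
    """
    sql = "SELECT id, name FROM restaurant WHERE name='" + raw_name + "'"
    return con.execute(sql).fetchall()


def hardened_lookup(con, raw_id):
    """Fix for the numeric case: enforce the type, then bind the value.

    Casting to int is the sqlite3 equivalent of (int)$id / JRequest::getInt()
    in a Joomla component; binding with ? keeps data out of the SQL text.
    """
    try:
        id_ = int(raw_id)
    except ValueError:
        return []  # "1 OR 1=1" or "'" never reaches the database
    return con.execute(
        "SELECT id, name FROM restaurant WHERE id=?", (id_,)
    ).fetchall()


def hardened_search(con, raw_name):
    """Fix for the string case: bind the parameter, no quoting by hand."""
    return con.execute(
        "SELECT id, name FROM restaurant WHERE name=?", (raw_name,)
    ).fetchall()


def probe(lookup, con, raw):
    """Summarise what an attacker observes: ('rows', n) or ('error', None)."""
    try:
        return ("rows", len(lookup(con, raw)))
    except sqlite3.OperationalError:
        return ("error", None)


if __name__ == "__main__":
    db = setup_db()
    cases = [
        (vulnerable_lookup, "1"), (vulnerable_lookup, "'"),
        (vulnerable_lookup, "1 OR 1=1"), (hardened_lookup, "1 OR 1=1"),
        (vulnerable_search, "' OR '1'='1"), (vulnerable_search, "1 OR 1=1"),
        (hardened_search, "' OR '1'='1"),
    ]
    for fn, payload in cases:
        print(f"{fn.__name__:18} {payload!r:16} -> {probe(fn, db, payload)}")
```

Running the script shows the two tells used in the advisories: the lone quote turns into a syntax error only in the concatenating code, and the quote-free payload "1 OR 1=1" returns every row against the numeric id but nothing against the string search field, where the quote has to be closed first. Both hardened variants return zero rows for the payloads because the value never becomes part of the SQL text.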

Today I am releasing my Specialist Bed and Breakfast Website SQL Injection Exploit (remote). [Download] Description The Specialist Bed and Breakfast Website SQL Injection Exploit takes advantage of a SQL injection vulnerability that JaMbA discovered on 30 June 2010. The exploit source code also contains the table structure of the vulnerable product. About the vulnerability Learn […]

(Continue reading…)