Syswoody

Blog de Sistemas Informáticos

SQL Server

Vulnerabilidad de injeccion del SQL en ChronoForms

Poradmin

Ago 13, 2010

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_chronocontact SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================================
Joomla Component com_chronocontact SQL Injection Vulnerability
==============================================================

# Exploit Title: Joomla Component ChronoForms (com_chronocontact)
# Date: 01, June 2010
# Author: _mlk_ (Renan)
# Software Link:0
# Version: 0
# Tested on: all OS
# CVE : 0
# Code : here

Joomla Component ChronoForms (com_chronocontact) – Blind SQL Injection Vulnerability

###################################################################################################################################

[!] Discovered by : _mlk_ (Renan)

[!] Teams : c00kies , BugSec , BotecoUnix &amp; c0d3rs

[!] Homepages : http://code.google.com/p/bugsec/ <> http://botecounix.com.br/blog/ <> http://c0d3rs.wordpress.com/

[!] Location : Porto Alegre – RS, Brasil
(or Brazil)

################################################

[-] Information

[?] Script : ChronoForms for Joomla 1.5

[?] Vendor : http://www.chronoengine.com/

[?] Dork/String : &quot;index.php?option=com_chronocontact&quot; / &quot;com_chronocontact&quot;

[?] Download : http://www.chronoengine.com/downloads/9-chronoforms.html

[?] Date : 01, June 2010

################################################################

[*] Example :

http://localhost/index.php?option=com_chronocontact&;itemid=1 [Blind-SQL]

############################################################

[~] Agradecimentos :

Deus , Familiares , Amigos e Tricolor Ga?cho (Gr?mio) .

############################################################

# http://inj3ct0r.com/’>Inj3ct0r.com [2010-06-02]var gaJsHost = ((«https:» == document.location.protocol) ? «<a href=»https://ssl.»>https://ssl.</a>» : «<a href=»http://www.»>http://www.</a>»);document.write(unescape(«%3Cscript src=’» + gaJsHost + «google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E»));try{var pageTracker = _gat._getTracker(«UA-12725838-1»);pageTracker._setDomainName(«none»);pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}

Noticias de informática:

  1. Inyeccion de SQL en IIS con .Net
  2. Como crear un Mirror (espejo) SQL Server 2005
  3. PostgreSQL version 9 ve la luz
  4. ODBC Error 01000 – Error 1326 conexión SQL Server Express

Por admin

Entrada relacionada

SQL Server

Conectar a SQL Server Express

Sep 28, 2016 admin
SQL Server

Reduciendo LDF en SQL Server mediante consultas

Jun 27, 2016 admin
SQL Server

Error conectando desde PHP a Postgresql

Ene 4, 2013 admin

Deja una respuesta

You missed

Seguridad Sistemas Windows

Microsoft actualizaciones de seguridad windows en Junio 2024

23/06/2024 admin
Windows Fallos de Seguridad Ofimatica

Microsoft Outlook presenta grave vulnerabilidad zero-click

22/06/2024 admin
WordPress Fallos de Seguridad Web

Plugin de WordPress WP Fastest Cache vulnerable a ataques SQL

27/05/2024 admin
WordPress Fallos de Seguridad Seguridad

Vulnerabilidad crítica en el Plugin WP-Automatic permite tomar control total del servidor

26/05/2024 admin
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.

Powered By
Best Wordpress Adblock Detecting Plugin | CHP Adblock