Home / os / win7

Joomla Component com_zoomportfolio SQL Injection Vulnerabili

Posted on 23 August 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Joomla Component com_zoomportfolio SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>==============================================================
Joomla Component com_zoomportfolio SQL Injection Vulnerability
==============================================================

Author		: Chip D3 Bi0s
Group		: LatinHackTeam
Email &amp; msn	: chipdebios@gmail.com
Date		: 23 August 2010
Critical Lvl	: Moderate
Impact		: Exposure of sensitive information
Where		: From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application	: Zoom Portfolio --Joomla Portfolio Component
version		: 1.5 
Price		: $20.00 
Developer	: EGBZOOM
License		: GPLv2 or later           type  : Commercial
Date Added	: 21 August 2010
Download	: http://www.egbzoom.com/joomla-portfolio-component.html

Description     :

Zoom Portfolio enables you to display your portfolio in a &quot;directory listing-like
presentation&quot; with minimum effort.The Component has features like add category
add images,settings,add portfolio .Zoom Portfolio includes automatic thumbnail creation,
captioning, searching and more.It also includes the ability to modify and delete any
of your existing pages.
The Zoom Portfolio is an amazing example of what can be done online with your online
presence. It is directed at artists of all walks of life, it is very easy to install
and customize, and it is just simply stunning. 

-------------------------

How to exploit

http://127.0.0.1/path/index.php?option=com_zoomportfolio&amp;view=portfolio&amp;view=portfolio&amp;id=[sql]

-------------------------



# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-23]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :