[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Freestyle FAQ Lite Component 1.3 com_fss (faqid) SQL Injection

Author
Chip D3 Bi0s
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-11656
Category
web applications
Date add
06-04-2010
Platform
php
===================================================================================
Joomla Freestyle FAQ Lite Component 1.3 com_fss (faqid) SQL Injection Vulnerability
===================================================================================

---------------------------------------------------------------------------------
Joomla Freestyle FAQ Lite Component 1.3 (faqid) SQL Injection
---------------------------------------------------------------------------------
 
Author      : Chip D3 Bi0s
Group       : LatinHackTeam
Email & msn : chipdebios@gmail.com
Date        : 05 april 2010
Critical Lvl    : Moderate
Impact      : Exposure of sensitive information
Where       : From Remote
---------------------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Application : Freestyle FAQ Lite
version     : 1.3
Developer   : Freestyle Joomla
License     : GPLv2           type  : Non-Commercial
Date Added  : 22 March 2010
Download    : http://freestyle-joomla.com/fssdownloads/viewcategory/2
Demo        : http://freestyle-joomla.com/demo
 
 
Description     :
 
Freestyle FAQ Lite is designed to provide you with a highly customised
Frequently Asked Questions (FAQs) module on your Joomla website.
There are various customisable options, you can display FAQs under
a menu item or within a module.
 
• Multiple categories
• Search all FAQs
• Add an image for each category
• Link directly to a FAQ category or article from a menu item
• View all FAQs at once (option to hide this)
• Module to list FAQ categories anywhere on any page
• Full image and html support for each FAQ
• WYSIWYG editor for FAQs
• Attach full html description to each category FAQs can be toggled as published or unpublished
• Various Joomla back end parameters
• Multiple view modes for question list - Normal list - clicking a category takes you to a different page with FAQ list
• Multiple FAQ list modes - All questions and answers on one page
 
 
--------------
 
how to exploit
 
http://127.0.0.1/index.php?option=com_fss&view=faq&Itemid=4&catid=1&tmpl=component&faqid={sql}
 
------------------------
 
 
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++



#  0day.today [2024-12-23]  #