From Vulnerability to Exploit (Joomla! SQL Injection)

James from GulfTech Research and Development coded Joomla! SQL Injection Exploit in Metasploit from SQL Injection to Remote Code Execution



https://docs.google.com/leaf?id=0B5oxcQ53hliTNmZlNGJmODEtNmQ3MC00YWI2LThmMTAtZjUzMGU0OTcxOTNh&hl=en



It works for our previous disclosure of:

http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.6.0%5D_sql_injection

We thank James for his excellent working exploit that provides Proof-of-Concept for a vulnerability that Joomla! Core Developers think of as Information Disclosure Only.


http://developer.joomla.org/security/news/328-20110201-core-sql-injection-path-disclosure.html

Comments

Popular posts from this blog

XSS: Gaining access to HttpOnly Cookie in 2012

Jumping out of Touch Screen Kiosks

HttpOnly Session ID in URL and Page Body | Cross Site Scripting