Wednesday, May 18, 2011

From Vulnerability to Exploit (Joomla! SQL Injection)

James from GulfTech Research and Development coded Joomla! SQL Injection Exploit in Metasploit from SQL Injection to Remote Code Execution



https://docs.google.com/leaf?id=0B5oxcQ53hliTNmZlNGJmODEtNmQ3MC00YWI2LThmMTAtZjUzMGU0OTcxOTNh&hl=en



It works for our previous disclosure of:

http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.6.0%5D_sql_injection

We thank James for his excellent working exploit that provides Proof-of-Concept for a vulnerability that Joomla! Core Developers think of as Information Disclosure Only.


http://developer.joomla.org/security/news/328-20110201-core-sql-injection-path-disclosure.html

No comments:

Post a Comment