From Vulnerability to Exploit (Joomla! SQL Injection)
James from GulfTech Research and Development coded Joomla! SQL Injection Exploit in Metasploit from SQL Injection to Remote Code Execution
https://docs.google.com/leaf?id=0B5oxcQ53hliTNmZlNGJmODEtNmQ3MC00YWI2LThmMTAtZjUzMGU0OTcxOTNh&hl=en
It works for our previous disclosure of:
http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.6.0%5D_sql_injection
We thank James for his excellent working exploit that provides Proof-of-Concept for a vulnerability that Joomla! Core Developers think of as Information Disclosure Only.
http://developer.joomla.org/security/news/328-20110201-core-sql-injection-path-disclosure.html
https://docs.google.com/leaf?id=0B5oxcQ53hliTNmZlNGJmODEtNmQ3MC00YWI2LThmMTAtZjUzMGU0OTcxOTNh&hl=en
It works for our previous disclosure of:
http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.6.0%5D_sql_injection
We thank James for his excellent working exploit that provides Proof-of-Concept for a vulnerability that Joomla! Core Developers think of as Information Disclosure Only.
http://developer.joomla.org/security/news/328-20110201-core-sql-injection-path-disclosure.html
Comments
Post a Comment