Joomla 3.2.1 SQL injection

# Exploit Title: Joomla 3.2.1 SQL injection
# Date: 05/02/2014
# Exploit Author: kiall-9@mail.com
# Vendor Homepage: http://www.joomla.org/
# Software Link: http://joomlacode.org/gf/download/frsrelease/19007/134333/Joomla_3.2.1-Stable-Full_Package.zip
# Version: 3.2.1 (default installation with Test sample data)
# Tested on: Virtualbox (debian) + apache
POC=>

will cause an error:

I modified the original error.php file with this code —

— in order to obtain something useful. 😉

Now I can easily exploit this flaw:

and obtain the hash:
