An SQL injection vulnerability has been found in the Joomla component com_s5clanroster; the finder's notes on where the vulnerability arises are as follows:
# Exploit Title: WP User Role Editor CSRF
# Date: 19/5/13
# Exploit Author: Henry Hoggard
# Author Website: http://henryhoggard.co.uk
# Vendor Homepage: https://wordpress.org/support/plugin/user-role-editor
# Software Link: https://wordpress.org/support/plugin/user-role-editor
# Version: <=3.12
# Tested on: Debian
# CVE : none yet

Notified Dev: 16/05/13
Patch Released (3.14): 17/05/13

Description:
This allows you to sign up with admin privileges if you make the admin visit your CSRF script.

http://server/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role=administrator
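A defender-side check for the request described in the advisory, as an added example that is not part of the original advisory or the plugin's code: it scans web-server access logs for the default-role change URL arriving with an off-site or missing Referer. The log lines, the function names, and the use of `server` (the host in the advisory URL) as the site's host name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "server"  # assumption: the site's host name, as in the advisory URL
ROLE_URL = "/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role="

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    f'198.51.100.7 - - [19/May/2013:10:00:01 +0000] "GET {ROLE_URL}administrator HTTP/1.1" '
    '302 0 "http://other.example/page.html" "Mozilla/5.0"',
    f'198.51.100.7 - - [19/May/2013:10:05:12 +0000] "GET {ROLE_URL}subscriber HTTP/1.1" '
    '200 512 "http://server/wordpress/wp-admin/users.php?page=user-role-editor.php" "Mozilla/5.0"',
    f'198.51.100.7 - - [19/May/2013:10:09:40 +0000] "GET {ROLE_URL}administrator HTTP/1.1" '
    '302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/May/2013:10:10:00 +0000] "GET /wordpress/wp-admin/index.php HTTP/1.1" '
    '200 900 "-" "Mozilla/5.0"',
]

LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"')

def classify(line, site_host=SITE_HOST):
    """Return None for unrelated lines, else the requested role and the request's origin."""
    m = LINE_RE.search(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    query = parse_qs(url.query)
    if not url.path.endswith("/wp-admin/users.php"):
        return None
    if query.get("page") != ["user-role-editor.php"] or query.get("action") != ["default"]:
        return None
    referer = m["referer"]
    ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
    if ref_host is None:
        origin = "no-referer"
    elif ref_host == site_host:
        origin = "same-site"
    else:
        origin = "cross-site"
    return {"role": query.get("user_role", [""])[0], "origin": origin, "referer_host": ref_host}

def suspicious(lines, site_host=SITE_HOST):
    """Default-role changes that did not originate from the site's own admin pages.
    The client IP on these lines is the administrator's browser, not the attacker."""
    hits = [classify(line, site_host) for line in lines]
    return [h for h in hits if h and h["origin"] != "same-site"]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG):
        print(hit)
```

A missing Referer is a weaker signal than an off-site one, since browsers and proxies can strip the header.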
Our previous post, titled WordPress User Role Editor CSRF Vulnerability, provides information about WordPress CSRF and WordPress XSS.
Boss, you posted the wrong code.