If a user supplies malformed data in the cookie (by adding a value to the md5 string), then
an SQL error leak is possible and Joomla's table name prefix can be read.
[Screenshot: Add 'malformed' value here - Burp]
... and now you can see an error from the <prefix>_session table:
[Screenshot: SQL Leak - now you know what the prefix is]
:)
If you watch this request/response you will see that those screenshots were created from the 'administrators' link. To stop comments like 'not useful because possible from admin' - try to reproduce this as a normal (registered) or pre-auth user. ;)
Another place where a user can input malformed data looks like this:
[Screenshot: SQL Leak]
cheers
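
One way to handle such a cookie value so that a malformed md5 string cannot surface a database error, as an added example that is not from the original post and is not Joomla's code. It assumes the session identifier is a 32-character md5 hex string; the table name `demo_session`, the function names and the in-memory SQLite database (PDO with the SQLite driver) are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Joomla's code: names and schema are constructed.
const SESSION_TABLE = 'demo_session'; // hypothetical prefix + table name

function is_valid_session_id(string $value): bool
{
    // Accept only a bare 32-character lowercase hex md5 string; anything
    // added to it fails the match and never reaches the database layer.
    return preg_match('/\A[a-f0-9]{32}\z/', $value) === 1;
}

function load_session(PDO $db, string $cookieValue): ?array
{
    if (!is_valid_session_id($cookieValue)) {
        return null; // treated the same as "no session"
    }
    try {
        // Bound parameter: the cookie value is data, never SQL text.
        $stmt = $db->prepare(
            'SELECT session_id, userid FROM ' . SESSION_TABLE . ' WHERE session_id = :sid'
        );
        $stmt->execute([':sid' => $cookieValue]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // Error details (including table names) go to the server log only.
        error_log('session lookup failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ' . SESSION_TABLE . ' (session_id TEXT PRIMARY KEY, userid INTEGER)');
$sid = md5('constructed-sample');
$db->exec('INSERT INTO ' . SESSION_TABLE . " VALUES ('$sid', 42)");

// One well-formed value and two values with extra data added to the md5 string.
foreach ([$sid, $sid . 'x', $sid . '-malformed'] as $cookie) {
    $row = load_session($db, $cookie);
    echo ($row === null ? 'no session' : 'user ' . $row['userid']), "\n";
}
```

The response for a malformed value is identical to the response for an unknown session, so the client sees no SQL error text and no table name.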


