http://lesim1.ing.unisannio.it
We can start to detect the version manually (automated tools, like joomscan, are giving random values) from
http://lesim1.ing.unisannio.it/configuration.php-dist
1.5.x
archived:http://archive.is/VB6I3
libraries/joomla/crypt/index.html is missing, so it's probably before Joomla! 1.5.26.
components/com_mailto/helpers/index.html is missing, so it's probably before Joomla! 1.5.23.
(Tip: I just used files and folder comparison with beyond compare, but you can also use Meld on linux)
To get the path we try to raise errors with wrong sql queries. In this case we are abusing of the weblinks component and adding the filter_order even if the site uses SEF urls (who cares).
http://lesim1.ing.unisannio.it/index.php/it/link-mee/53-gruppi-di-ricerca-mee-delle-universita-italiane-?&filter_order=
to get an output like this:
No valid database connection Unknown column '0' in 'order clause' SQL=SELECT * FROM jos_weblinks WHERE catid = 53 AND published = 1 AND archived = 0 ORDER BY 0 ASC, ordering LIMIT 0, 20
No valid database connection Unknown column '0' in 'order clause' SQL=SELECT * FROM jos_weblinks WHERE catid = 53 AND published = 1 AND archived = 0 ORDER BY 0 ASC, ordering
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /usr/share/joomla15/Lesim/libraries/joomla/database/database/mysql.php on line 344
There are common Joomla problems of sql injections and xss for versions before 1.5.23.
We can start to detect the version manually (automated tools, like joomscan, are giving random values) from
http://lesim1.ing.unisannio.it/configuration.php-dist
1.5.x
archived:http://archive.is/VB6I3
libraries/joomla/crypt/index.html is missing, so it's probably before Joomla! 1.5.26.
components/com_mailto/helpers/index.html is missing, so it's probably before Joomla! 1.5.23.
(Tip: I just used files and folder comparison with beyond compare, but you can also use Meld on linux)
To get the path we try to raise errors with wrong sql queries. In this case we are abusing of the weblinks component and adding the filter_order even if the site uses SEF urls (who cares).
http://lesim1.ing.unisannio.it/index.php/it/link-mee/53-gruppi-di-ricerca-mee-delle-universita-italiane-?&filter_order=
to get an output like this:
No valid database connection Unknown column '0' in 'order clause' SQL=SELECT * FROM jos_weblinks WHERE catid = 53 AND published = 1 AND archived = 0 ORDER BY 0 ASC, ordering LIMIT 0, 20
No valid database connection Unknown column '0' in 'order clause' SQL=SELECT * FROM jos_weblinks WHERE catid = 53 AND published = 1 AND archived = 0 ORDER BY 0 ASC, ordering
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /usr/share/joomla15/Lesim/libraries/joomla/database/database/mysql.php on line 344
There are common Joomla problems of sql injections and xss for versions before 1.5.23.
Comments
Post a Comment