Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Site errors
Posted by: FlashO.-
Date: January 10, 2007 06:00PM

Well I've decided to broaden my knowledge on SQL injection and what better way to start than forcing errors. I came across these:-

---------------------------+

index.php?option=com_mosforms&act=viewform&Itemid=115&mosform=2&rowid=62&tableid=2

could not connect to database
Fatal error: Call to a member function on a non-object in /home/username/public_html/components/com_mosforms/mosforms.php on line 203

---------------------------+

index.php?option=com_content&task=section&id=1&Itemid=user

Fatal error: Call to undefined function: set() in /home/username/public_html/components/com_content/content.php on line 198

---------------------------+

And wondered if they were vulnerable to anything?

I wouldn't expect you to tell me how to exploit them, but I would appreciate any help you can give me.

Thanks -

[Edit:

This was also on a separate site. Not sla.ckers!

]

Thanks::
Flash O.-



Edited 1 time(s). Last edit at 01/10/2007 06:01PM by FlashO.-.

Re: Site errors
Posted by: jungsonn
Date: January 11, 2007 04:28AM

Those com_* objects/modules are hard to exploit & inject, but not impossible. It really is bad design, but some site owners who use Joomla and Mambo and are aware of SQL injection and XSS strip much out and use filters. But if you can find a site that has a basic install, there are ways around it.

You could go on http://www.milw0rm.com and search for mambo in the search function to see actual exploits being made.



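A check a site owner can run over their own pages' response bodies to catch the kind of error output quoted in the first post, which shows any visitor the script path, the hosting account name and the line number. This is an added example, not code from the thread or from Mambo/Joomla; the function name `find_disclosures`, the finding fields and the HTML-formatted sample are assumptions made for illustration.

```python
import html
import re

# Shape of a PHP error rendered into a page: "<level>: <message> in <file> on line <n>"
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice):\s+"
    r"(?P<message>.+?) in (?P<path>/\S+\.php) on line (?P<line>\d+)"
)
DB_FAILURE = re.compile(r"could not connect to database", re.IGNORECASE)
HOME_ACCOUNT = re.compile(r"^/home/([^/]+)/")
TAGS = re.compile(r"<[^>]+>")

def find_disclosures(body):
    """Return one finding per PHP error message present in a response body."""
    # With html_errors on, PHP wraps the parts in <b> tags; strip markup first.
    text = html.unescape(TAGS.sub("", body))
    db_down = bool(DB_FAILURE.search(text))
    findings = []
    for m in PHP_ERROR.finditer(text):
        account = HOME_ACCOUNT.match(m.group("path"))
        findings.append({
            "level": m.group("level"),
            "message": m.group("message"),
            "path": m.group("path"),          # full filesystem path shown to the visitor
            "line": int(m.group("line")),
            "account": account.group(1) if account else None,
            "db_failure_shown": db_down,      # page also printed the DB connection failure
        })
    return findings

# The first two bodies are the text quoted in the first post of the thread;
# the third is constructed to show the same error with PHP's HTML markup.
POST_MOSFORMS = (
    "could not connect to database\n"
    "Fatal error: Call to a member function on a non-object in "
    "/home/username/public_html/components/com_mosforms/mosforms.php on line 203"
)
POST_CONTENT = (
    "Fatal error: Call to undefined function: set() in "
    "/home/username/public_html/components/com_content/content.php on line 198"
)
CONSTRUCTED_HTML = (
    "<br />\n<b>Fatal error</b>:  Call to undefined function: set() in "
    "<b>/home/username/public_html/components/com_content/content.php</b> "
    "on line <b>198</b><br />"
)

if __name__ == "__main__":
    for body in (POST_MOSFORMS, POST_CONTENT, CONSTRUCTED_HTML):
        print(find_disclosures(body))
```

An empty result for every page is what PHP's `display_errors = Off` together with `log_errors = On` should produce, since the messages then go to the server log instead of the response.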