Joomla! Component JPodium 2.7.3 – SQL Injection

• Exploit Database
• 36 阅读

• 作者： RoAd_KiLlEr
  日期： 2010-07-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14232/

• 1########################################### 1
  0 I'm **RoAd_KiLlEr**member from Inj3ct0r Team 1
  1########################################### 0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  
  [+]Title Joomla JPodiumComponent(com_jpodium)SQL-i Vulnerability
  [+]Author**RoAd_KiLlEr**
  [+]ContactRoAd_KiLlEr[at]Khg-Crew[dot]Ws
  [+]Tested on Win Xp Sp 2/3
  [+]Version2.7.3
  ---------------------------------------------------------------------------
  [~] Founded by **RoAd_KiLlEr**
  [~] Team: Albanian Hacking Crew
  [~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
  [~] Home: http://a-h-crew.net
  [~] Download App:http://www.jpodium.de/index.php?option=com_rokdownloads&view=file&task=download&id=31%3Acomponent-v-0-9&Itemid=3
  [~] Version:0.9.015
  [~] Vendor: http://www.jpodium.de/
  ==========ExPl0iT3d by **RoAd_KiLlEr**==========
  
  [+]Description:
  JPodium is a Joomla! component to manage and display sports results. The intended use is to keep track of race results for e.g. a cycling club portal. Of course it is not fixed to any kind of sports but more to a certain structure of race results. This means that every athlete has a class (e.g. age class like "Master") attached and the results are listed per race in this classes.
  =========================================
  
  [+] Dork: inurl:"com_jpodium"
  
  ==========================================
  
  
  [+].SQL-i Vulnerability
  =+=+=+=+=+=+=+=+=+
  
  [Exploit]:http://127.0.0.1/path/index.php?option=com_jpodium&view=races&Itemid= [SQL Injection] 
  
  
  
  ===========================================================================================
  [!] Albanian Hacking Crew 
  ===========================================================================================
  [!] **RoAd_KiLlEr** 
  ===========================================================================================
  [!] MaiL: sukihack[at]gmail[dot]com
  ===========================================================================================
  [!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
  ===========================================================================================
  [!] Spec Th4nks:r0073r| indoushka from Dz-Ghost Team| MaFFiTeRRoR | AllInj3ct0r 31337 Members | And All My Friendz
  ===========================================================================================
  [!] Red n'black i dress eagle on my chest
  It's good to be an ALBANIAN
  Keep my head up high for that flag I die
  Im proud to be an ALBANIAN
  ===========================================================================================