Joomla! Component Address Book – Blind SQL Injection

• Exploit Database
• 13 阅读

• 作者： Sid3^effects
  日期： 2010-07-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14210/

• 1 ########################################## 1
  0 I'm Sid3^effects member from Inj3ct0r Team 1
  1 ########################################## 0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  
  Name :Joomla com_addressbook Blind Sqli Vulnerability
  Date : july 4,2010
  Critical Level 	: HIGH
  vendor URL :http://b-elektro.no/
  Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
  special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
  greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
  #######################################################################################################
  Description:
  The Front-edit Address Book is a powerful, but easy to use address book component for Joomla. If you are looking for a address book, or just a component that allows users to manage contact information directly from front,this might be what you are looking for.
  
  Some features:
  
  * Allows users to create, edit and delete contact information directly from front.
  * Multiple layouts available ("table", "list" and "single contact layout").
  * Some access control based on usergroups or individual users.
  * The component is designed to work together with com_contact (the joomla core contact component).
  
  #######################################################################################################
  Xploit :Blind SQli Vulnerability
  
  DEMO URL :http://server/index.php?option=com_addressbook&view=contact&Itemid=[Bsqli]
  
  ###############################################################################################################
  # 0day no more 
  # Sid3^effects