Joomla! Component Jvehicles 1.0/2.0 – ‘aid’ SQL Injection

• Exploit Database
• 50 阅读

• 作者： Don Tukulesto
  日期： 2010-04-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12190/

• /**************************************************************************
  
  [!] Joomla Component Jvehicles (aid) SQL Injection Vulnerability
  [!] Author	: Don Tukulesto (root@indonesiancoder.com)
  [!] Homepage	: http://indonesiancoder.com
  [!] Date	: Mon, April 12, 2010
  [!] Tune in	: http://antisecradio.fm (choose your weapon)
  
  **************************************************************************/
  
  [ Software Information ]
  
  [>] Vendor	: http://www.jvehicles.com
  [>] Download	: http://www.jvehicles.com/index.php?option=com_remository&Itemid=6&func=fileinfo&id=6〈=en
  [>] Version	: 1.0 and 2.0
  [>] License	: GPL
  [>] Type	: Non-Commercial
  [>] Method	: SQL Injection
  
  ========================================================
  
  [ Proof of Concept ]
  
  http://server/path/index.php?option=com_jvehicles&task=agentlisting&aid=31337
  
  ========================================================
  
  [ Cheers ]
  
  [>] Chip D3 Bi0s : find the 1st bug with method Local File Inclusion
  [>] Indonesian Coder Team - AntiSecurity - ServerIsDown - SurabayaHackerLink
  [>] My brother M364TR0N - kaMtiEz - Gonzhack - El N4ck0 - ibl13Z - arianom - YaDoY666 - ./Jack-
  [>] elv1n4 - xshadow - SAINT - Cyb3r_tr0n - M3NW5 - Pathloader - Mboys - Contrex - amxku - inj3ct0r
  [>] xnitro @xtremenitro.org - DraCoola - r3m1ck - Senot - ran - CherCut
  [>] James Brown & Todd @packetstormsecurity.org - Maksymilian & sp3x @securityreason.com
  
  
  [ Notes ]
  
  [>] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM