Joomla Products SQL Injection

Joomla Products SQL Injection: Posted Jan 26, 2012; Authored by the_cyber_nuxbie; The Joomla Products component suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; MD5 | 7e962809c67b0fcd61a0da4b6ae18dbf; Download | Favorite | Comments (0)

Joomla Products SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm NuxbieCyber member from Inj3ct0r Team              1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[ Joomla Component com_products Multiple SQLi Vulnerability ]

[x] Author : the_cyber_nuxbie
[x] Home   : www.thecybernuxbie.com
[x] E-mail : staff@thecybernuxbie.com
[x] Found  : 25 January 2012.
[x] Tested : Windows 7 Ultimate.
[x] Tools  : H*v*j + SQLi Manual.
[x] Dork   : inurl:"/index.php?option=com_products"
________________________________________________________________
****************************************************************

[x] Vuln Exploit Report:
http://localhost/index.php?option=com_products&task=category&catid=[SQL Injection]
http://localhost/index.php?option=com_products&id=[SQL Injection]
http://localhost/index.php?option=com_products&catid=[SQL Injection]
http://localhost/index.php?option=com_products&product_id=[SQL Injection]
http://localhost/index.php?option=com_products&task=detail&parent_id=[SQL Injection]
http://localhost/index.php?option=com_products&task=edit_productdetail&id_pro=[SQL Injection]
http://localhost/index.php?option=com_products&Itemid=53&controller=home&task=displayitem&itemcode=[SQL Injection]
http://localhost/index.php?option=com_products&catid=1&Cat[]=[SQL Injection]
http://localhost/index.php?option=com_products&cid=[SQL Injection]
http://localhost/index.php?option=com_products&view=products&id=19&cat=[SQL Injection]
http://localhost/index.php?option=com_products&task=product&pid=[SQL Injection]
http://localhost/index.php?option=com_products&Itemid=[SQL Injection]

- Example Website Vuln:
http://calconsystems.com/index.php?option=com_products&catid=23' + [SQL Injection]
http://krudkutter.com/index.php?option=com_products&task=category&catid=2' + [SQL Injection]
http://winnersedge.in/index.php?option=com_products&id=7' + [SQL Injection]
http://lightingplastics.com/index.php?option=com_products&product_id=51' + [SQL Injection]
http://kiserrenovations.com/index.php?option=com_products&task=detail&parent_id=2' + [SQL Injection]
http://mekongtech.net/index.php?option=com_products&task=edit_productdetail&id_pro=120' + [SQL Injection]
http://questleisure.com/index.php?option=com_products&Itemid=53&controller=home&task=displayitem&itemcode=7519' + [SQL Injection]
http://bonefracturetreatment.com/index.php?option=com_products&catid=1&Cat[]=44' + [SQL Injection]
http://natcobd.com/index.php?option=com_products&cid=3' + [SQL Injection]
http://rocky-s.com/index.php?option=com_products&view=products&id=19&cat=20' + [SQL Injection]
http://173.254.37.56/index.php?option=com_products&task=product&pid=4' + [SQL Injection]
http://questleisure.com/index.php?option=com_products&Itemid=53' + [SQL Injection]

0day n0 m0re...!!!

Gr33tZ t0 :
[ 1337day Inj3ct0r Team ]

- Thanks To All Exploiters From Indonesian:
Akatsuchi, AntiSecurity, Arianom, bius, blackraptor, bumble_be, c4uR, cr4wl3r, cyberlog, Don Tukulesto,
EA Ngel, eidelweiss, Flyff666, Gendenk, gunslinger_, h4ntu, h010ng, IbnuSina, irvian, Jack, k1ngk0n9, k1tk4t, k4mtiez,
K-159, kecemplungkalen, M3NW5, Mbah_Semar, mywisdom, NoGe, NTOS-Team, Oli Bekas, OoN_Boy, Pokeng, S3T4N, s4va,
skulmatic, spykit, Sudden_death, team_elite, tempe_mendoan, the_day, tomplixsee, vanzay, v3n0m, vir0e5, Vrs-hCk, vYc0d,
Xr0b0t, y3d1ps, Z190T, etc... 

January, 25 2012, GMT +07:56 Solo Raya, Indonesia.

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Red Hat 75 files
Ubuntu 38 files
Sony 34 files
Debian 27 files
Tipping Point 22 files
Th4 MasK 18 files
tempe_mendoan 18 files
the_cyber_nuxbie 18 files
KedAns-Dz 15 files
HP 14 files

File Archives

Systems

AIX (345)
Apple (932)
BSD (302)
Cisco (1,186)
Debian (3,669)
Fedora (1,660)
FreeBSD (1,021)
Gentoo (2,387)
HPUX (659)
iPhone (93)
IRIX (217)
Juniper (58)
Linux (19,899)
Mac OS X (399)
Mandriva (2,144)
NetBSD (234)
OpenBSD (413)
RedHat (2,297)
Slackware (378)
Solaris (1,462)
SUSE (1,144)
Ubuntu (2,560)
UNIX (6,783)
UnixWare (145)
Windows (3,961)
Other

Joomla Products SQL Injection

Joomla Products SQL Injection

Comments

File Archive:

February 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Products SQL Injection

Share This

Joomla Products SQL Injection

Comments

File Archive:

February 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems